Leaked Documents Reveal Russia’s Cyberwarfare Tools

Documents leaked from Russian IT contractor NTC Vulkan show the company’s possible involvement in the development of offensive hacking tools, including for the advanced persistent threat (APT) actor known as Sandworm, Mandiant reports.

Based in Moscow, NTC Vulkan advertises its collaboration with Russian organizations and government agencies, without mentioning any involvement in the operations of state-sponsored groups or intelligence services.

Documents dated between 2016 and 2020, however, show that the company has been contracted by Russian intelligence, including the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 74455, for the development of tools, training programs, and an intrusion platform.

The leaked documents, referred to as The Vulkan Files, were obtained by a whistleblower and analyzed by Mandiant in collaboration with several major media outlets in Europe and the United States.

While it is unclear whether the required capabilities have indeed been implemented, the documents, which Mandiant believes to be legitimate, do show NTC Vulkan’s involvement in projects to enable Russia’s cyber and information operations, potentially targeting operational technology (OT) systems.