NTC Vulkan is a cybersecurity consultancy firm based in Moscow, which appears to offer ordinary cybersecurity services on the surface. However, a recent leak of confidential documents has revealed that the company's engineers are also involved in the development of advanced hacking and disinformation tools for the Russian military.
The leaked documents indicate that NTC Vulkan has been working with several Russian military and intelligence agencies including the FSB, GOU, GRU, and SVR to support cyber operations.
In addition to this, one of the company's cyber-attack tools, Scan-V, has been linked to the notorious Sandworm hacking group. The tool searches for internet vulnerabilities and saves them for future use in cyber-attacks.
Another system developed by NTC Vulkan, known as Amezit, is a comprehensive framework for controlling and monitoring the internet in regions under Russia's command. This system enables the spread of disinformation through the use of fake social media profiles, in addition to surveillance and monitoring of the internet.
The third system developed by NTC Vulkan, Crystal-2V, is a training program for cyber operatives in the methods required to bring down rail, air, and sea infrastructure. The information processed and stored by the Crystal-2V system is deemed "Top Secret."
It is a very unusual or rare incident, thousands of pages of secret documents dated from 2016 to 2021, have been revealed by an anonymous source, however, he approached the German newspaper Süddeutsche Zeitung just days after the Russian invasion of Ukraine began. The unknown source expressed anger over the Russian government's actions in Ukraine and the role played by NTC Vulkan in supporting those actions.
According to him, the GRU and FSB, two of Russia's most prominent intelligence agencies, were "hiding behind" NTC Vulkan. The individual also expressed a desire to make the information contained in the leaked documents public to raise awareness about the dangers posed by the company's activities and the Russian government's actions.
The authenticity of the Vulkan files has been confirmed by five western intelligence agencies, while both the company and the Kremlin have remained silent on the matter.
The leaked documents reveal emails, internal documents, project plans, budgets, and contracts that shed light on Russia's cyber warfare efforts in the midst of a violent conflict with Ukraine.
It is unclear if the tools developed by Vulkan have been used for real-world attacks. However, it is known that Russian hackers have targeted Ukrainian computer networks repeatedly. The documents also suggest potential targets, including the USA and Switzerland.
Nevertheless, advanced hacking and disinformation tools are being used by the Russian military and intelligence agencies. This raises significant concerns about the nature and scope of Russia's cyberwarfare capabilities.