Vulkan files: Russia's cyber army collects vulnerabilities


An evaluation of the Vulkan files by many media outlets and journalists shows that Russia's secret services FSB, GRU and SVR commission domestic companies to develop software and databases for cyber attacks, to look for vulnerabilities and to make them available to state hacker groups such as Sandworm.

The linchpin of the story is the Vulkan files, which were passed anonymously to the reporter Hannes Munzinger. Thousands of pages of secret material contain training documents for the Russian cyber army. The possible targets of attacks are summarized in these documents: paralyzing control systems for rail, air and ship transport, disrupting the functions of energy companies, and attacks on critical infrastructure.

Support for Russian state hackers

More than 50 journalists from well-known media such as SZ, Der Spiegel, paper trail media and ZDF were involved in evaluating the documents. The team of the ZDF show Frontal has presented the evaluation in a very detailed report, which is available in the media library.

The documents describe the tasks of the Russian company Vulkan: it is to provide a worldwide database of vulnerabilities, build tools for attacks, and develop software for taking over networks and completely reversing their content. In this way, entire network sections in occupied areas are meant to show only the results of disinformation. The corresponding software, Amesit-W, handles this task. Russian intelligence authorities are already working with program components such as PMS and PRR, presumably to control Internet content in the occupied territories of Ukraine.

Second battlefield in cyberspace

The Frontal report on the Vulkan files summarizes everything very well (Image: ZDF).

Analyses of the Vulkan files show that Russia is actually testing all of its cyber weapons in Ukraine or using them directly. For example, the APT group Sandworm was initially an independent actor with no state connection, but is now acting openly, because the group is now known to be special unit 74455 of the Russian military intelligence service GRU.

At the beginning of the Ukraine war, the Sandworm group attacked public facilities, communications and facilities controlling the wider infrastructure. This alone caused a lot of collateral damage, such as the attack on KA-SAT, which not only provided Ukraine with Internet access but is also used by European customers. After KA-SAT was paralyzed, access to 5,000 German wind turbines was also disrupted. Control was no longer possible.

The current change in strategy also shows that state hackers, such as Sandworm, are acting in accordance with the Russian command: for some time now, the hackers have been attacking almost exclusively critical infrastructure, such as electricity and water supply, thermal power plants and other KRITIS facilities. At the same time, the Russian army is also attacking these targets with drones and missiles.

Attacks under the cover of APT groups

In Europe, more and more governments and companies that in any way collaborate with Ukraine or support sanctions against Russia are being attacked. This is also shown by the many reports from security specialists, which note, for example, that far more disruptive and destructive software is in circulation. Check Point also stated this in its report. This type of software is not used for ransom or espionage. In geopolitical conflicts, it is part of the arsenal of cyber weapons that specifically destroy data and structures.

Editor/sel

 
