Guardian: leak of classified documents from Russian IT company reveals Putin’s cyber warfare tactics

The Ministry of War of the terrorist state and Russian special services ordered software from the little-known IT company Vulcan for surveillance, cyberattacks, Internet isolation, and the operation of «troll factories.» This is stated in an investigation by the Süddeutsche Zeitung, The Guardian, and the Washington Post.

Initially, Süddeutsche Zeitung received an archive of documents related to Vulcan — an anonymous source decided to pass the information to the German publication «because of the events in Ukraine.» According to the source, the Russian GRU and FSB are behind the Vulcan company.

It is known that Vulcan employs more than 130 people, and the company’s profit in 2021 amounted to more than 1 billion rubles. The founders of the IT firm are Anton Markov and Alexander Irzhavsky.

Among the major projects Vulcan is working on is an order from the Russian Ministry of War. The department developed Amezit software that can monitor all Internet users in a certain territory. The program can also block access to certain websites.

«One of the documents links Vulcan to the well-known hacker group Sandworm, which the US government claims has twice caused power outages in Ukraine, tried to disrupt the South Korean Olympics, and launched NotPetya, a malware that seeks out vulnerabilities to be recorded for use in future cyberattacks,» The Guardian article says.

According to the investigation, Amezit can create hundreds of bots on social networks with a single click and then direct them to various tasks. The journalists claim to have found such bots and tracked the campaigns they participated in. Among them are campaigns against Hillary Clinton in the US presidential election.

What is interesting is that Russian cybercriminals can operate not only in Russia but also anywhere in the world.«Attackers need physical access to equipment, such as mobile phone towers, and to wireless communications.Once they control the transmission, traffic can be intercepted. Russian spies can identify people who use the Internet and track the information that users share with each other,» the journalists note.

At the moment, the Russian IT company Vulcan is not on any US or EU sanctions lists.

As a reminder, yesterday it became known about a new method of stealing digital assets from citizens of a terrorist state. Hackers have launched a fresh cryptocurrency theft campaign using a fake copy of the Tor browser. Under the guise of a browser, hackers distribute the CryptoClipper trojan. When it enters the system, the program disguises itself as a popular program icon and registers in the startup. As soon as the clipper detects an address in the clipboard that looks like a crypto wallet, it immediately changes it to one of the addresses belonging to the attacker.