{"id":29234,"date":"2023-03-31T22:43:25","date_gmt":"2023-03-31T20:43:25","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=29234"},"modified":"2023-03-31T22:50:49","modified_gmt":"2023-03-31T20:50:49","slug":"vulcan-files-exposes-russias-cyberwar-strategies","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/03\/31\/vulcan-files-exposes-russias-cyberwar-strategies\/","title":{"rendered":"Vulkan Files Exposes Russia's Cyberwar Strategies"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/03\/31\/vulkan-files-legt-russlands-strategien-des-cyberkriegs-offen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Files leaked from a whistle blower to German news magazine S\u00fcddeutsche Zeitung show how Russia under Putin is planning cyberwar. An evaluation by a media collective shows: Train and air lines are to be attaced, as well as energy supply and critical infrastructure. And our security culture continues to rely naively on increased digitization, including the cloud and up-to-date virus scanners.<\/p>\n<p><!--more--><\/p>\n<h2>The background<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/f8ab1fb0338d4d66a46c738d690411e9\" alt=\"\" width=\"1\" height=\"1\" \/>Shortly after Russia's invasion of Ukraine, an anonymous source provided the S\u00fcddeutsche Zeitung (SZ) with thousands of internal documents from a Russian IT company called NTC Vulkan and the remark \"People should know what dangers this poses\". These documents, known as \"Vulkan Files\", were analyzed by a media collective (S\u00fcddeutsche Zeitung, ZDF frontal, Spiegel, etc.) and provide an accurate picture of what strategies the Kremlin is pursuing with a cyber war. Security vendor\u00a0Mandiant has also published <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/cyber-operations-russian-vulkan\" target=\"_blank\" rel=\"noopener\">an articles about the topic<\/a> with technical details (see also the following <a href=\"https:\/\/twitter.com\/Cyber_O51NT\/status\/1641595879701495809\" target=\"_blank\" rel=\"noopener\">tweet<\/a>).<\/p>\n<p><a href=\"https:\/\/twitter.com\/Cyber_O51NT\/status\/1641595879701495809\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Vulkan Files\" src=\"https:\/\/i.imgur.com\/ZH5LlRh.png\" alt=\"Vulkan Files\" \/><\/a><\/p>\n<h2>The Vulkan files<\/h2>\n<p>The Russian company Vulkan, based in Moscow, acts outwardly as a software developer. The internal documents prove that this company also works for Russian intelligence services: the GRU military intelligence service, the FSB domestic intelligence service and the SWR foreign intelligence service, writes German broadcasting station ZDF in <a href=\"https:\/\/www.zdf.de\/nachrichten\/digitales\/vulkan-files-cyberangriff-hacker-ukraine-krieg-russland-100.html#xtor=CS5-62\" target=\"_blank\" rel=\"noopener\">this article<\/a>. Training documents in the Vulkan Files reveal that the company develops software that can be used to train cyberattacks that:<\/p>\n<ul>\n<li>\"Crippling control systems of rail, air, and marine transportation.\"<\/li>\n<li>\"Disrupt energy companies and critical infrastructure.\"<\/li>\n<li>\"Identifying vulnerabilities of critical infrastructure to attack.\"<\/li>\n<\/ul>\n<p>Vulkan has a tool called Skan-W, a crawler that scans the Internet for vulnerabilities that attackers can use to penetrate foreign servers and retrieve information and cause damage. According to Google, Vulkan appears to have been active since 2012 and links it to the Russian APT group Cozy Bear. The latter is responsible for numerous attacks on organizations and companies.<\/p>\n<p>Russia is also pursuing the goal of controlling and monitoring communications and the Internet in occupied territories. Vulkan has the technology to do this, for example in the form of \"Amesit\" software. This can block access to unwanted data channels and, according to Vulkan files, redirect users to desired Internet resources in designated territories. Russian intelligence expert Andrei Soldatov, who was involved in the research on the \"Vulkan Files,\" is quoted in the ZDF report as saying, \"Their goal is complete control over the information in the territory they are trying to penetrate. So you go into an area, take control of communications and then use that control to spread disinformation,manipulate social media and suppress information.\"<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Files leaked from a whistle blower to German news magazine S\u00fcddeutsche Zeitung show how Russia under Putin is planning cyberwar. An evaluation by a media collective shows: Train and air lines are to be attaced, as well as energy supply &hellip; <a href=\"https:\/\/borncity.com\/win\/2023\/03\/31\/vulcan-files-exposes-russias-cyberwar-strategies\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-29234","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/29234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=29234"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/29234\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=29234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=29234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=29234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}