Cybersecurity

Leaked documents offer fascinating insights into Russian cyber warfare

The Russian government allegedly hired a Moscow-based defense contractor to help its intelligence agencies enhance their cyber capabilities and spread disinformation online, according to corporate documents obtained by The Washington Post

The documents, which contain more than 5,000 pages, suggest that the defense contractor, NTC Vulkan, aided Russian intelligence agencies with social media disinformation and “training to remotely disrupt real-world targets, such as sea, air and rail control systems.”

The Post, which has seen the documents in question, said that they contain “internal company emails, financial records and contracts that show both the ambition of Russia’s cyber operations and the breadth of the work Moscow has been outsourcing.”

The news outlets said that the documents were provided by an anonymous individual who shared it first with a German reporter. The German journalist then shared it with a group of news outlets that included The Post. 

The anonymous whistleblower allegedly expressed outrage and disapproval of Russia’s invasion of Ukraine. 

“The company is doing bad things, and the Russian government is cowardly and wrong,” the individual allegedly said, referring to NTC Vulkan as the company.

“I am angry about the invasion of Ukraine and the terrible things that are happening there,” the whistleblower said. “I hope you can use this information to show what is happening behind closed doors.”

A number of Western intelligence officials and independent cybersecurity experts who reviewed the documents believe them to be authentic, The Post reported. 

“These officials and experts could not find definitive evidence that the systems have been deployed by Russia or been used in specific cyberattacks, but the documents describe testing and payments for work done by Vulkan for the Russian security services and several associated research institutes,” The Post said. 

Last year, cybersecurity firm Mandiant released a report that found that Russian-backed hackers launched several disinformation campaigns intended to demoralize Ukrainians and incite internal unrest.

In one of the campaigns, the hackers falsely claimed that Ukrainian President Volodymyr Zelensky died by suicide in a military bunker in Kyiv because of his failure to keep his country safe from Russian invasion.

The report also found that Russian-backed actors used Telegram, a popular social media platform, to spread disinformation including that the Ukrainian government was corrupt and incompetent and that the country was unprepared for the war.

Mandiant said that the disinformation campaigns it identified happened at the same time as disruptive cyberattacks that targeted Ukrainian government websites.

Despite the Russian government’s attempts to launch destructive cyberattacks against Ukraine, many of them failed to be as damaging or were thwarted by the Ukrainians who have had significant assistance from the U.S. and the EU in shoring up their cyber defenses.