The Evolution Of Russian Cyber Warfare

Uploaded on 2023-04-28 in INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Documents from a Russian intelligence subcontractor provide insight into the Kremlin's cyberwar objectives and potential long-term threats to Western organisations.  

Where Russia may fall behind other countries around the world regarding military capabilities and combat resources, it's continued cyber espionage and information warfare campaign has been developed to balance out power with the rest of the world. 

This technological battle, which is usually conducted remotely, without a spy ever leaving their home country has become the future of warfare.

The current war in Ukraine is the largest military conflict of the cyber age and the first to incorporate such significant levels of cyber operations on all sides. Russia launched its war on Ukraine on 24 February 2022, but Russian cyber-attacks against Ukraine have persisted ever since Russia's illegal annexation of Crimea in 2014, intensifying just before the 2022 invasion.

Over this period, Ukraine's public, energy, media, financial, business and non-profit sectors have been on the frontline. SinceFebruary 2022, Russian cyber attacks have undermined the distribution of medicines, food and relief supplies.

In 2022 the Russian company NTC Vulkan suffered a data leak, involving thousands of pages of secret documentation related to Moscow's cyber and information operations capabilities, highlights Russia's obsession with social control and non-kinetic interference. Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the Internet.

An unhappy employee of a contracting firm associated with Russian military and security services leaked over 5,000 documents to a German newspaper, including manuals, reports, and software specification sheets, dating from 2016 to 2021.

The documents detail applications and database resources developed by NTC Vulkan for use by Russian intelligence agencies, revealing links to known threat actors like Military Unit 74455 know as Sandworm.

One document links a Vulkan cyber-attack tool with the hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the Internet for vulnerabilities, which are then stored for use in future cyber-attacks.

Capabilities & Tools

The leak provides insight into tools geared towards large-scale attack preparation and automated disinformation dissemination. Among these tools are "Skan-V" or "Scan," an information gathering application for operational reconnaissance, and "Amezit" and "Krystal-2B," both focusing on offensive operations against critical infrastructure targets and automating disinformation campaigns.

The Vulkan leak demonstrates Russia's blended public-private digital security apparatus and an iterative evolution of its cyber warfare capabilities.

Vulkan's close relationship with the state military-intelligence organs is similar to Moscow's connections with cyber criminal organisations, acting as private incubators of cyber warfighting capacity.

Information Confrontation

Russian cyber developments align with the concept of "information confrontation", non-standard methods of engagement to produce coercive leverage while avoiding escalation. Tools like Scan and Amezit reflect Russia's commitment to information control and scaling tactical effects to secure strategic gains.

The Vulkan leaks contradict various narratives of Russia's digital retreat from the open internet, emphasising the need for vigilance and preparation.

Workforce diffusion from companies like NTC Vulkan to global technology firms poses potential insider threats. Employers should scrutinize those with employment history in the Russian economy and restrict access to critical systems.

Russia's cyber capabilities target sector- and firm-specific vulnerabilities on a large scale. Defensive efforts must adapt to this evolving attacker perspective. As Russia's cyber capabilities evolve, their influence campaigns become more traceable.

By understanding Moscow's unique political-strategic calculus, businesses can better combat the influence of incubation farms like NTC Vulkan.

Conclusion

The NTC Vulkan leaks highlight the evolving nature of cyber warfare and the need for businesses to adapt to emerging threats.

By understanding Russia's unique cyber strategies and implementing proactive defense measures, businesses can better protect themselves from the implications of cyber warfare and maintain a secure operating environment.

EU Parliament:      Carnegie Endowment:     ICTFF:      Small Wars Journal:     Guardian:    CSO Online:  

You Might Also Read: 

Cyberwar: Lessons From Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« An Increasingly Diverse Attack Landscape
What Is A Credential Stuffing Attack & How To Protect Your Organization »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Teradata

Teradata

Teradata is a leading provider of enterprise big data analytics and services. Applications include Cyber Security Analytics.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

Temasoft

Temasoft

TEMASOFT is a software company focused on developing security and infrastructure products.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Trustonic

Trustonic

Trustonic is a leader in the device security market. Our mission is to protect apps, secure devices & enable trust.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

AaDya

AaDya

AaDya provide smart, simple, affordable and effective cybersecurity software solutions for small and medium businesses.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

Geobridge

Geobridge

Geobridge was one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations.

Nerds On Site

Nerds On Site

Nerds On Site provide on-site & in-home IT and technical support, managed IT services, and cyber security through our collaborative team of highly-trained IT and Security professionals.