The Evolution Of Russian Cyber Warfare

Uploaded on 2023-04-28 in INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Documents from a Russian intelligence subcontractor provide insight into the Kremlin's cyberwar objectives and potential long-term threats to Western organisations.  

Where Russia may fall behind other countries around the world regarding military capabilities and combat resources, it's continued cyber espionage and information warfare campaign has been developed to balance out power with the rest of the world. 

This technological battle, which is usually conducted remotely, without a spy ever leaving their home country has become the future of warfare.

The current war in Ukraine is the largest military conflict of the cyber age and the first to incorporate such significant levels of cyber operations on all sides. Russia launched its war on Ukraine on 24 February 2022, but Russian cyber-attacks against Ukraine have persisted ever since Russia's illegal annexation of Crimea in 2014, intensifying just before the 2022 invasion.

Over this period, Ukraine's public, energy, media, financial, business and non-profit sectors have been on the frontline. SinceFebruary 2022, Russian cyber attacks have undermined the distribution of medicines, food and relief supplies.

In 2022 the Russian company NTC Vulkan suffered a data leak, involving thousands of pages of secret documentation related to Moscow's cyber and information operations capabilities, highlights Russia's obsession with social control and non-kinetic interference. Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the Internet.

An unhappy employee of a contracting firm associated with Russian military and security services leaked over 5,000 documents to a German newspaper, including manuals, reports, and software specification sheets, dating from 2016 to 2021.

The documents detail applications and database resources developed by NTC Vulkan for use by Russian intelligence agencies, revealing links to known threat actors like Military Unit 74455 know as Sandworm.

One document links a Vulkan cyber-attack tool with the hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the Internet for vulnerabilities, which are then stored for use in future cyber-attacks.

Capabilities & Tools

The leak provides insight into tools geared towards large-scale attack preparation and automated disinformation dissemination. Among these tools are "Skan-V" or "Scan," an information gathering application for operational reconnaissance, and "Amezit" and "Krystal-2B," both focusing on offensive operations against critical infrastructure targets and automating disinformation campaigns.

The Vulkan leak demonstrates Russia's blended public-private digital security apparatus and an iterative evolution of its cyber warfare capabilities.

Vulkan's close relationship with the state military-intelligence organs is similar to Moscow's connections with cyber criminal organisations, acting as private incubators of cyber warfighting capacity.

Information Confrontation

Russian cyber developments align with the concept of "information confrontation", non-standard methods of engagement to produce coercive leverage while avoiding escalation. Tools like Scan and Amezit reflect Russia's commitment to information control and scaling tactical effects to secure strategic gains.

The Vulkan leaks contradict various narratives of Russia's digital retreat from the open internet, emphasising the need for vigilance and preparation.

Workforce diffusion from companies like NTC Vulkan to global technology firms poses potential insider threats. Employers should scrutinize those with employment history in the Russian economy and restrict access to critical systems.

Russia's cyber capabilities target sector- and firm-specific vulnerabilities on a large scale. Defensive efforts must adapt to this evolving attacker perspective. As Russia's cyber capabilities evolve, their influence campaigns become more traceable.

By understanding Moscow's unique political-strategic calculus, businesses can better combat the influence of incubation farms like NTC Vulkan.

Conclusion

The NTC Vulkan leaks highlight the evolving nature of cyber warfare and the need for businesses to adapt to emerging threats.

By understanding Russia's unique cyber strategies and implementing proactive defense measures, businesses can better protect themselves from the implications of cyber warfare and maintain a secure operating environment.

EU Parliament:      Carnegie Endowment:     ICTFF:      Small Wars Journal:     Guardian:    CSO Online:  

You Might Also Read: 

Cyberwar: Lessons From Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« An Increasingly Diverse Attack Landscape
What Is A Credential Stuffing Attack & How To Protect Your Organization »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

Acutec

Acutec

Acutec is an award winning IT support, services and solutions provider including managed IT Security and backup/disaster recovery.

VerifyMe

VerifyMe

VerifyMe is a global technology solutions company delivering brand protection offerings to mitigate counterfeiting, product diversion, and illicit trade.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

CyberGuard Technologies

CyberGuard Technologies

CyberGuard Technologies provides a suite of fully managed end-to-end security services from its 24/7 UK security operations centre.

Mitiga

Mitiga

Mitiga uniquily combines the top cybersecurity minds in Incident Readiness and Response with a cloud-based platform for cloud and hybrid environments.

Chartered Institute of Information Security (CIISec)

Chartered Institute of Information Security (CIISec)

CIISec is dedicated to helping individuals and organisations develop capability and competency in cyber security.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.

Hummingbird International

Hummingbird International

Hummingbird International, LLC offers services for the collection, audit, computer recycling and safe disposal of laptops, monitor/LCD, hard drives, and IT disposal.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.