Documents leaked by whistleblower angry over Ukraine war
by Luke Harding, Stiliyana Simeonova, Manisha Ganguly and Dan Sabbagh
The inconspicuous office is in Moscow’s north-eastern suburbs. A sign reads: “Business centre”. Nearby are modern residential blocks and a rambling old cemetery, home to ivy-covered war memorials. The area is where Peter the Great once trained his mighty army.
Inside the six-storey building, a new generation is helping Russian military operations. Its weapons are more advanced than those of Peter the Great’s era: not pikes and halberds, but hacking and disinformation tools.
The software engineers behind these systems are employees of NTC Vulkan. On the surface, it looks like a run-of-the-mill cybersecurity consultancy. However, a leak of secret files from the company has exposed its work bolstering Vladimir Putin’s cyberwarfare capabilities.
Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.
The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia’s foreign intelligence organisation.
One document links a Vulkan cyber-attack tool with the notorious hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the internet for vulnerabilities, which are then stored for use in future cyber-attacks.
The raid involved eight drones, all of which have been neutralized, Russia’s Ministry of Defense has said