The Evolution Of Russian Cyber Warfare

Uploaded on 2023-04-28 in INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Documents from a Russian intelligence subcontractor provide insight into the Kremlin's cyberwar objectives and potential long-term threats to Western organisations.  

Where Russia may fall behind other countries around the world regarding military capabilities and combat resources, it's continued cyber espionage and information warfare campaign has been developed to balance out power with the rest of the world. 

This technological battle, which is usually conducted remotely, without a spy ever leaving their home country has become the future of warfare.

The current war in Ukraine is the largest military conflict of the cyber age and the first to incorporate such significant levels of cyber operations on all sides. Russia launched its war on Ukraine on 24 February 2022, but Russian cyber-attacks against Ukraine have persisted ever since Russia's illegal annexation of Crimea in 2014, intensifying just before the 2022 invasion.

Over this period, Ukraine's public, energy, media, financial, business and non-profit sectors have been on the frontline. SinceFebruary 2022, Russian cyber attacks have undermined the distribution of medicines, food and relief supplies.

In 2022 the Russian company NTC Vulkan suffered a data leak, involving thousands of pages of secret documentation related to Moscow's cyber and information operations capabilities, highlights Russia's obsession with social control and non-kinetic interference. Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the Internet.

An unhappy employee of a contracting firm associated with Russian military and security services leaked over 5,000 documents to a German newspaper, including manuals, reports, and software specification sheets, dating from 2016 to 2021.

The documents detail applications and database resources developed by NTC Vulkan for use by Russian intelligence agencies, revealing links to known threat actors like Military Unit 74455 know as Sandworm.

One document links a Vulkan cyber-attack tool with the hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the Internet for vulnerabilities, which are then stored for use in future cyber-attacks.

Capabilities & Tools

The leak provides insight into tools geared towards large-scale attack preparation and automated disinformation dissemination. Among these tools are "Skan-V" or "Scan," an information gathering application for operational reconnaissance, and "Amezit" and "Krystal-2B," both focusing on offensive operations against critical infrastructure targets and automating disinformation campaigns.

The Vulkan leak demonstrates Russia's blended public-private digital security apparatus and an iterative evolution of its cyber warfare capabilities.

Vulkan's close relationship with the state military-intelligence organs is similar to Moscow's connections with cyber criminal organisations, acting as private incubators of cyber warfighting capacity.

Information Confrontation

Russian cyber developments align with the concept of "information confrontation", non-standard methods of engagement to produce coercive leverage while avoiding escalation. Tools like Scan and Amezit reflect Russia's commitment to information control and scaling tactical effects to secure strategic gains.

The Vulkan leaks contradict various narratives of Russia's digital retreat from the open internet, emphasising the need for vigilance and preparation.

Workforce diffusion from companies like NTC Vulkan to global technology firms poses potential insider threats. Employers should scrutinize those with employment history in the Russian economy and restrict access to critical systems.

Russia's cyber capabilities target sector- and firm-specific vulnerabilities on a large scale. Defensive efforts must adapt to this evolving attacker perspective. As Russia's cyber capabilities evolve, their influence campaigns become more traceable.

By understanding Moscow's unique political-strategic calculus, businesses can better combat the influence of incubation farms like NTC Vulkan.

Conclusion

The NTC Vulkan leaks highlight the evolving nature of cyber warfare and the need for businesses to adapt to emerging threats.

By understanding Russia's unique cyber strategies and implementing proactive defense measures, businesses can better protect themselves from the implications of cyber warfare and maintain a secure operating environment.

EU Parliament:      Carnegie Endowment:     ICTFF:      Small Wars Journal:     Guardian:    CSO Online:  

You Might Also Read: 

Cyberwar: Lessons From Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« An Increasingly Diverse Attack Landscape
What Is A Credential Stuffing Attack & How To Protect Your Organization »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Dark Reading

Dark Reading

Dark Reading is the most trusted online community for security professionals.

Napatech

Napatech

Napatech develops and manufactures high speed network accelerators specifically designed for real-time network monitoring and analysis applications.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

Consult Hyperion

Consult Hyperion

Consult Hyperion is an independent strategic and technical consultancy specialising in digital identity and secure electronic transactions.

Cyberint

Cyberint

Cyberint, the Impactful Intelligence company, fuses open-deep-and darkweb Threat Intelligence with Attack Surface Management to deliver maximum protection from external threats.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

CloudMask

CloudMask

CloudMask patent technology provides Dynamic Data Masking (DDM) that masks sensitive data, structured or non-structured, in real-time.

Identity Defined Security Alliance (IDSA)

Identity Defined Security Alliance (IDSA)

IDSA is a group of identity and security vendors, solution providers and practitioners that acts as an independent source of education and information on identity-centric security strategies.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

Liquis Inc.

Liquis Inc.

Liquis, founded in 2002, is one of the largest facility decommissioning services companies in the U.S.

Computer Futures

Computer Futures

Computer Futures are a global specialist IT recruitment partner, matching candidates with roles across niche IT markets and core technologies.