The Evolution Of Russian Cyber Warfare

Uploaded on 2023-04-28 in INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Documents from a Russian intelligence subcontractor provide insight into the Kremlin's cyberwar objectives and potential long-term threats to Western organisations.  

Where Russia may fall behind other countries around the world regarding military capabilities and combat resources, it's continued cyber espionage and information warfare campaign has been developed to balance out power with the rest of the world. 

This technological battle, which is usually conducted remotely, without a spy ever leaving their home country has become the future of warfare.

The current war in Ukraine is the largest military conflict of the cyber age and the first to incorporate such significant levels of cyber operations on all sides. Russia launched its war on Ukraine on 24 February 2022, but Russian cyber-attacks against Ukraine have persisted ever since Russia's illegal annexation of Crimea in 2014, intensifying just before the 2022 invasion.

Over this period, Ukraine's public, energy, media, financial, business and non-profit sectors have been on the frontline. SinceFebruary 2022, Russian cyber attacks have undermined the distribution of medicines, food and relief supplies.

In 2022 the Russian company NTC Vulkan suffered a data leak, involving thousands of pages of secret documentation related to Moscow's cyber and information operations capabilities, highlights Russia's obsession with social control and non-kinetic interference. Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the Internet.

An unhappy employee of a contracting firm associated with Russian military and security services leaked over 5,000 documents to a German newspaper, including manuals, reports, and software specification sheets, dating from 2016 to 2021.

The documents detail applications and database resources developed by NTC Vulkan for use by Russian intelligence agencies, revealing links to known threat actors like Military Unit 74455 know as Sandworm.

One document links a Vulkan cyber-attack tool with the hacking group Sandworm, which the US government said twice caused blackouts in Ukraine, disrupted the Olympics in South Korea and launched NotPetya, the most economically destructive malware in history. Codenamed Scan-V, it scours the Internet for vulnerabilities, which are then stored for use in future cyber-attacks.

Capabilities & Tools

The leak provides insight into tools geared towards large-scale attack preparation and automated disinformation dissemination. Among these tools are "Skan-V" or "Scan," an information gathering application for operational reconnaissance, and "Amezit" and "Krystal-2B," both focusing on offensive operations against critical infrastructure targets and automating disinformation campaigns.

The Vulkan leak demonstrates Russia's blended public-private digital security apparatus and an iterative evolution of its cyber warfare capabilities.

Vulkan's close relationship with the state military-intelligence organs is similar to Moscow's connections with cyber criminal organisations, acting as private incubators of cyber warfighting capacity.

Information Confrontation

Russian cyber developments align with the concept of "information confrontation", non-standard methods of engagement to produce coercive leverage while avoiding escalation. Tools like Scan and Amezit reflect Russia's commitment to information control and scaling tactical effects to secure strategic gains.

The Vulkan leaks contradict various narratives of Russia's digital retreat from the open internet, emphasising the need for vigilance and preparation.

Workforce diffusion from companies like NTC Vulkan to global technology firms poses potential insider threats. Employers should scrutinize those with employment history in the Russian economy and restrict access to critical systems.

Russia's cyber capabilities target sector- and firm-specific vulnerabilities on a large scale. Defensive efforts must adapt to this evolving attacker perspective. As Russia's cyber capabilities evolve, their influence campaigns become more traceable.

By understanding Moscow's unique political-strategic calculus, businesses can better combat the influence of incubation farms like NTC Vulkan.

Conclusion

The NTC Vulkan leaks highlight the evolving nature of cyber warfare and the need for businesses to adapt to emerging threats.

By understanding Russia's unique cyber strategies and implementing proactive defense measures, businesses can better protect themselves from the implications of cyber warfare and maintain a secure operating environment.

EU Parliament:      Carnegie Endowment:     ICTFF:      Small Wars Journal:     Guardian:    CSO Online:  

You Might Also Read: 

Cyberwar: Lessons From Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« An Increasingly Diverse Attack Landscape
What Is A Credential Stuffing Attack & How To Protect Your Organization »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Mellanox Technologies

Mellanox Technologies

Mellanox Technologies is a leading supplier of end-to-end Ethernet and InfiniBand intelligent interconnect solutions and services for servers, storage, and hyper-converged infrastructure.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

Packet Ninjas

Packet Ninjas

Packet Ninjas is a niche cyber security agency with specialized expertise in the use of digital intelligence to strengthen cyber security.

Proficio

Proficio

Proficio is a world-class Managed Security Service Provider providing managed detection and response solutions, 24×7 security monitoring and advanced data breach prevention services worldwide.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

Pentera Security

Pentera Security

Pentera (formerly Pcysys) is focused on the inside threat. Our automated penetration-testing platform mimics the hacker's attack - automating the discovery of vulnerabilities.

Avertium

Avertium

Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity.

Alacrinet

Alacrinet

Alacrinet is an IT and cyber security consultancy. From penetration testing to fully managed MSSP, our team is focused on knowing the latest threats, preventing vulnerabilities, and providing value.

Persona

Persona

At Persona, we’re humanizing online identity by helping companies verify that their users are who they say they are.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

Xoriant

Xoriant

Xoriant is a technology leader and execution partner throughout the Build, Run and Transform lifecycle for companies that create and use technology products.

Elba

Elba

Employee security needs to be reinvented. SaaS security needs to involve end-user and awareness needs to be actionable. Meet elba, the 5-in-one cybersecurity hub with no compromises.

Brightside AI

Brightside AI

Brightside AI is a Swiss cybersecurity SaaS that helps teams combat AI-enabled phishing threats. Protect your team today.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.