Discover and read the best of Twitter Threads about #VulkanFiles

Most recents (12)

In November 2019, an anonymous Twitter account called @m4lwatch posted some tweets. He says he found hacking software belonging to Sandworm - the hackers of the Russian secret service. And he draws a connection between Sandworm and NTC Vulkan - the company of the #VulkanFiles.
@m4lwatch writes about “Znatok”, a Russian name for someone who seems to know everything. "Znatok" is said to be used for cyber attacks. M4lwatch suspects that such targets could be people or embassies. Where he got this information from, he leaves open.
"Znatok" also appears in the #VulkanFiles - for example, a virtual computer is set up - a digital computer that does not need its own hardware. It is also called “Znatok”.
Read 6 tweets
In 2019, an anonymous Twitter account called @m4lwatch posted a few tweets. He says he found hacking software belonging to Sandworm - the hackers of the Russian secret service. And he draws a connection to NTC Vulkan - the company from the #VulkanFiles.
@m4lwatch writes about "Znatok", a Russian name for someone who seemingly knows everything. "Znatok" is said to be used for cyber attacks. M4lwatch suspects that targets could be people or embassies. He leaves open where he got this information from.
"Znatok" also appears in the #VulkanFiles - for example, a virtual machine is set up, that is, a digital computer that gets by without its own hardware. It, too, is called "Znatok".
Read 6 tweets
More than 50 journalists from 11 media outlets researched the #VulkanFiles. The result: around four dozen articles, interviews, films, podcast episodes. I have read, listened to, and watched (almost) all of it. Here is a personal #BestOf:
(1/9)
What are the #VulkanFiles actually about? If you only want to read a single article, choose this one. (It has a misleading headline; in fact it provides the answers to the most important questions.)
@paper_trail_m @derspiegel
(2/9)

spiegel.de/netzwelt/web/v…
The big main story in @derspiegel, covering every aspect of the topic. A must for anyone who wants to know more.
@paper_trail_m #VulkanFiles
(3/9)

spiegel.de/politik/deutsc…
Read 9 tweets
In 2019, a mysterious account called @m4lwatch started dumping extremely relevant information on #Sandworm. Shortly thereafter, they mentioned a company: NTC Vulkan. Fast-forward three years and that company is in the spotlight #VulkanFiles
spiegel.de/netzwelt/web/v…

Short thread
Almost every researcher tracking Russian APTs was following @m4lwatch. This screenshot tells you why: m4lwatch is talking about infrastructure related to #Sandworm almost six months before it showed up in an advisory sent out by the NSA (PDF).

media.defense.gov/2020/May/28/20…
(h/t to @jfslowik who alerted us to this piece of information and helped us understand big chunks of the files.) Anyway, m4lwatch started publishing information on "NTC Vulkan". He even posted diagrams on a supposed exploitation framework called "Znatok"
Read 9 tweets
The investigative team of the #VulkanFiles was able to identify several hundred Twitter accounts based on the clues in the documents. The investigation of @christo_buschek @flornrnd and Damian Leloup @lemondefr. A Thread.
The leads in the documents are often easy to miss. In one document, we found an Email address. It looks like many others, a first name, last name, a year. Next to it, we see a date.
A Twitter account with the same first name, last name, and year in its profile name tweets on that same date we saw in the documents.
Read 16 tweets
Now to the most hilarious bit of the #VulkanFiles: The curious case of "Secret Party NTC Vulkan" and APT #MagmaBear
The documents contained in the leak are not only intricate, with a few exceptions like hardware specs and disinfo-related pieces (see this thread: ) there's not much infosec-professionals can quickly utilize. Think IP-addresses, hashes, source code etc.
But during our research we were told about a file. It's an Excel file, and it is on VirusTotal. The filename is in Russian and translates to "Secret Party NTC Vulkan". We obtained the file; since it was an xls-file, I used a thing called oletools blog.didierstevens.com/programs/oledu…
Read 10 tweets
Part of the #VulkanFiles is “Scan-V”, a framework to conduct cyberoperations with greater speed, scale and efficiency. Basically, its purpose is helping the GRU to achieve its mission. One of the intended end-users seems to be #Sandworm.

sueddeutsche.de/projekte/artik…
At its heart, Scan-V is designed to scour the web for vulnerabilities that are then stored in an “ultra-large” database. When a new operation starts, things like identifying targets and initial entry are supposed to be already at the hackers’ fingertips
derstandard.de/story/20001449…
The docs also describe the ability to store e-mails (pst-files), pcaps (network traffic) and network-layouts. Stuff you can’t just scan for externally. Storing info on previously breached targets in case your next task is to hack them again

blog.sekoia.io/sekoia-io-anal…
Read 11 tweets
Exclusive: The #VulkanFiles - how Russia plans cyber wars. Thousands of pages of secret documents show the digital weapons of the Moscow company "Vulkan", a tech supplier for Putin's military and his intelligence services. 1/9 Our film: zdf.de/nachrichten/di…
The company "NTC Vulkan" looks like a normal IT business at first glance - but behind the scenes it develops cyber weapons for the Russian state. What they are supposed to be able to do: 2/9
Experts classify Vulkan software as "offensive" - that is, suitable for attacking other states. For the Ukrainian-born digital expert Marina Krotofil @Marmusha, cyberattacks on civilian infrastructure violate international law: 3/9
Read 9 tweets
Shortly after Russia invaded Ukraine, @h_munzinger got in touch with a source. Over the span of several weeks, Hannes got hold of more than 5000 pages of documents. This secret trove forms the basis of the investigation we’re releasing today #VulkanFiles

spiegel.de/politik/deutsc…
This is a fascinating (and rare!) look into the ambitions of the Russian state. This rather small company of about 135 people was working for the #GRU, the #SVR and the #FSB.

washingtonpost.com/national-secur…
I will highlight some of the takeaways in the coming hours and days but we have spent many months verifying the details contained within the documents, together with many partners, among others the @guardian

theguardian.com/technology/202…
Read 8 tweets
Boom! Leaked documents from #Moscow shed light on Vladimir Putin's shadowy cyber-warfare capabilities: hacking, disinformation, propaganda. Here's our story on the #VulkanFiles, supplied by a whistleblower unhappy at Ukraine war and who is now a "ghost" theguardian.com/technology/202…
Our story follows a months-long investigation into Vulkan, a cyber-security firm in Moscow. Its clients include the #FSB, Putin's old spy agency; the Russian military and the #GRU intelligence agency; and the SVR, the foreign intelligence outfit, emails and multiple docs show
The #VulkanFiles are published today by international media partners and newspapers including @paper_trail_m @derspiegel @SZ @washingtonpost @ZDFfrontal @derStandardat @tagesanzeiger
@lemondefr @istories_media @DRNyheder
Read 10 tweets
Proudly presenting last months' work with the most amazing international colleagues: The #VulkanFiles. Together we monitored and analyzed more than 1000 secret files from a #whistleblower. They expose how a private company is bolstering Vladimir Putin's cyberwarfare capabilities.
Moreover, we spoke with more than 90 former and current employees of the company: NTC Vulkan. One of them even gave us the chance to record his interview. Why he speaks? The world should know how companies like Vulkan are helping the Russian intelligence agencies. #VulkanFiles
Vulkan is not the only company helping FSB, GRU and SVR to prepare for cyberwar. But the #VulkanFiles are providing rare insights on how Russia is upgrading its cyber arsenal. Read all our stories here:
linktr.ee/papertrailmedia
Read 3 tweets
A year ago I got talking with a source who sent hundreds of secret documents. E-mails, spreadsheets, contracts, but above all: descriptions of systems being developed for the Russian intelligence services. We call them the #VulkanFiles
The source wrote: "The GRU and the FSB are hiding behind this company". And indeed, in the #VulkanFiles we find traces leading to the Russian intelligence services, even to a third one, the SVR. And to the military.
The #VulkanFiles are internal data of the IT company "NTC Vulkan". At first glance a harmless IT service provider. In reality, they build tools for digital warfare. And for the notorious hackers of "Sandworm", who have been targeting Ukraine for years
Read 7 tweets
