Znatok is fully featured has interface for “Commander” to assign tasking to a team. Look military. If #Sandworm is #GRU cyber then could fit
See BASHNYA as project name or user. Still work on functionality of framework. More soon #ThreatIntel #Sandworm
Bashnya is Башня. This translate from Russia is “Tower”. GTsST GRU Unit 74455 linked to Sandworm has HQ at the “Tower”, 22 Kirova Street in Khimki Moscow. Think Bashnya/Tower is code for end user of Znatok #ThreatIntel #Sandworm #GRU
Also see sign to Vulkan. Not sure what “Vulkan” mean. Did some look online and find Russia infosec company called “NTC Vulkan” #Threatintel #Sandworm 
Has real website. Very active on Facebook. Look like commercial company not state? #ThreatIntel #Sandworm #NTCvulkan ntc-vulkan.ru facebook.com/ntc.vulkan
But has FSB licenses. Include “for the licensing, certification and protection of state secrets of FSB”, a license from Russia MOD and for weapons and military equipment #ThreatIntel #Sandworm #NTCvulkan
Vulkan profile on list-org.ru has Russia state contracts each with own contract ID #ThreatIntel #Sandworm #NTCvulkan
Zakupki.gov.ru is database of Russia contracts. No hit when search keyword Vulkan. But search on contract ID from list-org.ru and got more detail #ThreatIntel #Sandworm #NTCvulkan
Vulkan has state contracts on Zakupki for MOD and military. No see contracts for unit 74455 #ThreatIntel #Sandworm #NTCvulkan
So look like commercial company NTCvulkan develop tool Znatok for unit 74455 and look like hiding contact. Going to keep looking for more #ThreatIntel #Sandworm #NTCvulkan #GTsST
Company profile of NTC Vulkan shows has 50% shareholders Anton Vladimirovich Markov and Aleksandr Aleksandrovich Irzhavskij #ThreatIntel #Sandworm #NTCVulkan
Looking on Markov and Irzhavskij I find Irzhavskij linked to “Svobodnyy Prospekt Dom 4” in 2004 #ThreatIntel #Sandworm #NTCVulkan
Look into Svobodnyy Prospekt on list-org.com. It address of FGUP “18 TsNII” of Russian MOD. TsNII has unit number 11135 and email 18CNII_GOZ@MIL.RU #ThreatIntel #Sandworm #NTCVulkan
Company profile on casebook.ru lists 18TsNII as doing science research and development in region of natural and technical sciences. Other company list websites list work on other things like “manufacturing starch products”, “tram sleepers” and “bookbinding”
But 18TsNII look suspicious on other sites like this unofficial website where it listed as part of GRU structure: gostevushka.ru/gb/gosudarstvo… #ThreatIntel #Sandworm
I think of shareholder Aleksandr Aleksandrovich Irzhavskij has link to closed military institute maybe he helped make Vulkan contract for GRU tool Znatok #ThreatIntel #Sandworm #NTCVulkan #GRU
I find court case between 18 TsNII and GRU in 2013. 18 TsNII called “closed” military institute in Russia news: iz.ru/news/546680 #ThreatIntel #Sandworm #GRU
Also I find 2017 court case between Vulkan and 18 TsNII. Vulkan, 18 TsNII and GRU all 3 connected for unknown projects #ThreatIntel #Sandworm #GRU #NTCVulkan #18TsNII
Look like 18 TsNII, Vulkan and GRU have contracts together. But only see them when they have court cases with each other. Suggest more going on with each other. Rest must be secret. Maybe Znatok secret? Want to find out more. #ThreatIntel #Sandworm #GRU #NTCVulkan #18TsNII
Vulkan try hard to hide link to Russia military and GRU. Not much there. In December 2019 they take part in military cyber competition “Cyber Patriot” by Russia “Department of information systems” and General Staff 8th Directorate #ThreatIntel #Sandworm #NTCVulkan #GRU
Only sign of Vulkan in that competition is logo on presentation. No advertised on website or social media. I find it after looking at Echelon. Echelon is Russia company partner of Vulkan #ThreatIntel #NTCVulkan #NPOEchelon #Sandworm
Echelon is proud of Cyber Patriot competition. Not like Vulkan. I find press release #ThreatIntel #NTCVulkan #NPOEchelon #Sandworm press-release.ru/branches/exhib…
Echelon is technology testing lab and look suspicious. I find 2018 news about link to Russia military and FSB and its access to source code of western tech. Western companies like @symantec already worried #ThreatIntel #NTCVulkan #NPOEchelon #Sandworm #GRU venturebeat.com/2018/01/25/sap…
So @ntc_vulkan partner with Echelon which has close link to Russia military and FSB. But also work with @symantec @IBM @McAfee @HP @Cisco. Vulkan builds exploit tools for Russia GRU and works with global tech companies. Look strange! #ThreatIntel #NTCVulkan #Sandworm #GRU
• • •
Missing some Tweet in this thread? You can try to
force a refresh
