Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar

Published: 23/11/2024   Category: security




Russian intelligence services, together with a Moscow-based IT company, are planning worldwide hacking operations that will also enable attacks on critical infrastructure facilities.



The release of thousands of pages of confidential documents has exposed Russian military and intelligence agencies' grand plans for using their cyberwar capabilities in disinformation campaigns, hacking operations, critical infrastructure disruption, and control of the Internet.
The papers were leaked from the Russian contractor NTC Vulkan and show how Russian intelligence agencies use private companies to plan and execute global hacking operations. They include project plans, software descriptions, instructions, internal emails, and transfer documents from the company.
The takeover of railroad networks and power plants is also part of a training seminar held by Vulkan to train hackers.
The leak also exposes the company's close links to the FSB, Russia's domestic spy agency, the GOU and GRU, the respective operational and intelligence divisions of the armed forces, and the SVR, Russia's foreign intelligence organization.
The documents, which were leaked by an unnamed source to a German reporter working for the Süddeutsche Zeitung at the start of Russia's invasion of Ukraine, have since been analyzed by global media outlets including The Washington Post and German media outlets Paper Trail Media and Der Spiegel.
According to the Spiegel report (in German), Vulkan has developed tools that allow state hackers to efficiently prepare cyberattacks, filter Internet traffic, and spread propaganda and disinformation on a massive scale.
The Spiegel report notes that analysts from Google reportedly discovered a connection between Vulkan and the hacker group Cozy Bear years ago; the group has successfully penetrated systems of the US Department of Defense in the past.
One offensive cyber program described in the documents is internally codenamed Amezit.
The wide-ranging platform is designed to enable attacks on critical infrastructure facilities in addition to total information control over specific areas.
The program's goals include using special software to derail trains or paralyze airport computers, but it was not clear from the materials whether the program is currently being used against Ukraine.
Another project, called Skan-V, is supposed to automate cyberattacks and make them much easier to plan.
Whether and where the programs were used cannot be traced, but the documents prove that the programs were ordered, tested, and paid for.
"People should know the dangers this poses," shared the anonymous source who leaked the docs to the media. The Russian invasion of Ukraine had motivated the source to make the documents public.
A trail also leads to the state hacker group Sandworm, one of the most dangerous advanced persistent threats (APTs) in the world, responsible for some of the most serious cyberattacks of recent years. For instance, the threat actor has been targeting the Ukrainian capital since as far back as December 2016 when it used the malware tool Industroyer to cause a temporary power outage in Kyiv.
Until now, it was not known that the group used tools from private companies.
Sandworm has previously been linked to the GRU.
Since the start of the war, at least five Russian, state-sponsored or cybercriminal groups (including Gamaredon, Sandworm, and Fancy Bear) have targeted Ukrainian government agencies and private companies in dozens of operations that aimed to disrupt services or steal sensitive information.
