Russian IT firm’s work on hacking tools implied in leaked documents

A whistleblower collaborating with cybersecurity firm Mandiant has revealed documents indicating that Russian IT contractor NTC Vulkan was possibly involved in the development of several offensive hacking tools for the Russian government, according to Security Week. The leaked documents, which were dated between 2016 and 2020, suggested that the company did contract work for Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation, also known as the advanced persistent threat actor Sandworm. Mandiant's analysis highlighted three projects; Scan, which is used for information gathering in preparation of operations; Amesit, which is designed to aid in manipulating public opinion through media monitoring and content dissemination; and Krystal-2B, which is a simulation training platform in preparation for attacks on operational technology environments such as transportation and utility systems. However, there was no clear indication that the capabilities that NTC Vulkan was contracted to do were ever implemented.