The ‘Vulkan Files‘, published on Thursday (30 March), reveal how a shadowy Russian cybersecurity company named RTV Vulkan has secretly been waging digital warfare on the Kremlin’s behalf.

The documents were reportedly leaked to German media by a whistleblower who opposed the war in Ukraine on 24 February 2022, and have been analysed by a consortium of over 50 journalists from eight countries.

Included in the leak is evidence of tools used to influence social media discussion, manipulate public opinion, interfere in elections, and attack national infrastructure.

The files reveal how a Russian cybersecurity company waged digital warfare around the world on the Kremlin’s behalf

Also revealed is the agency’s links to the notorious hacking organisation Sandworm, who disabled Ukraine’s power grid in 2015 and played a key role in Russia’s brazen attempts to derail the US presidential election the following year.

Two of the group’s operatives were indicted for distributing emails stolen from Hillary Clinton’s Democrats in 2016, and in 2017 Sandworm attempted use the same tactics to influence the outcome of the French presidential vote, the US claims.

Sandworm has also been credited with distributing the most destructive malware ever recorded, known as NotPetya, and targeting the South Korean Oympics.

Codenamed Scan-V, NotPetya scours the internet for vulnerabilities, which are then stored for use in future cyber-attacks.

Another powerful disinformation tool, known as Amezit, was also found to be in use by the group.

Amezit is used to create fake profiles en masse which are then used to disseminate pro-Kremlin content on a large scale via email, SMS, and social media.

Public opinion can be influenced by pushing individual hashtags in a targeted manner, and bot databases provide the basis for these operations.

These tools were used to influence foreign affairs, and to exert even greater control over parts of the internet in Russia’s sphere of influence.

The firm had previously waged attacks on Ukraine’s power grid and had obtained maps of US and Swiss energy infrastructure

It has been reported that one of the leaked documents includes maps of US energy infrastructure. Another contains the details of a nuclear power station in Switzerland.

John Hultquist, the vice-president of intelligence analysis at the cybersecurity firm Mandiant, said: ‘These documents suggest that Russia sees attacks on civilian critical infrastructure and social media manipulation as one and the same mission, which is essentially an attack on the enemy’s will to fight.’

The firm counts a wide variety of Russian security services as its clients, including the FSB, the foreign intelligence service, SVR, and the military intelligence service GRU, the Guardian reports.

RTV Vulkan used some of the world’s most notorious malware to wage war on the West

The whistleblower who leaked the explosive documents told a German newspaper that the FSB and GRU ‘hide behind’ Vulkan in the days after Russia’s invasion of Ukraine last year to avoid culpability.

The anonymous source said: ‘People should know the dangers of this.

‘Because of the events in Ukraine, I decided to make this information public.

‘The company is doing bad things and the Russian government is cowardly and wrong.

‘I am angry about the invasion of Ukraine and the terrible things that are happening there.

‘I hope you can use this information to show what is happening behind closed doors.’

The authenticity of the documents has been confirmed by five separate intelligence agencies.

The firm had previously worked with the same group of hackers responsible for leaking Hillry Clinton’s emails during the 2016 US Presidential Election

Following the leak, the ‘Vulkan Files’ international research team identified several hundred accounts on Twitter that could be directly or indirectly linked to the documents.

To hide their Russian origins, profiles created by the group created email accounts at Gmail, Yahoo, and Hotmail, and paid for transactions with cryptocurrency or prepaid credit cards.

However, despite their careful manoeuvring Russia’s attempts to control the online sphere have faltered since the start of their invasion of Ukraine.

Earlier this year, Russian Foreign Ministry Spokesperson Maria Zakharova confirmed that the Kremlin has ceded centralized control over the Russian information space and that Russian President Vladimir Putin apparently cannot readily fix it.

This is due to the emergence of grassroots anti-disinformation groups who have taken an active role in identifying and countering Russian propaganda online.

In their brief exchange with a German journalist, the leaker said they were aware that giving sensitive information to foreign media was dangerous.

But they had taken life-changing precautions. They had left their previous life behind, they said, and now existed ‘as a ghost’.