Vulkan files leak

The Vulkan files are a leaked set of emails, and other documents, implicating the Russian company NTC Vulkan (НТЦ Вулкан) in acts of cybercrime, political interference in foreign affairs (such as in the 2016 United States presidential election) through social media, censorship of domestic social media, and espionage, in collusion with Russia's Federal Security Service (FSB), their armed forces (GOU and GRU); and Foreign Intelligence Service (SVR). The files date from 2016 to 2021.

Background
The company NTC Vulkan was founded by Anton Markov and Alexander Irzhavsky in 2010. Both are graduates of St Petersburg military academy and have served in the Russian army, with Markov reaching the rank of captain and Irzhavsky reaching the rank of major.

Vulkan received special licences to work on classified military and state projects from 2011.

It has more than 120 staff, 60 of who are programmers, and describes its speciality as information security. It lists Sberbank, Aeroflot and Russian Railways as customers.

Leaks
The documents, numbering in their thousands, were leaked to the German newspaper Süddeutsche Zeitung within days of the 24 February 2022 Russian invasion of Ukraine by a whistleblower who opposed that war, and were analysed by journalists from that publication and The Guardian, Le Monde and Washington Post, with several other media outlets, as part of a consortium led by Paper Trail Media and Der Spiegel. The consortium published the first details of its investigation on 30 March 2023.

Five Western intelligence agencies and several independent cybersecurity experts authenticated the files.

Connections with other organisations
The documents link Vulkan to the GRU run hacker group Sandworm. Vulkan was contracted to write software called Scan-V to support searching for weak spots in systems to be targeted. Scan-V was commissioned in May 2018.

The documents link Vulkan to the Cozy Bear hacker group, according to Google researchers.

Vulkan won an initial contract to create a system called Amezit in 2016. Amezit is designed to allow control of and interception of internet, wireless and mobile communications. In 2018 some employees went in connection to Amezit to Rostov-on-Don to visit the Radio Research Institute, which is linked to the Federal Security Service. It is not known if it has been used in parts of Ukraine occupied by the Russian Army.