The Dragos Blog

04.18.23 | 1 min read

Analyzing the Russian Vulkan Files Leak for Impacts to ICS/OT Operations 

Dragos, Inc.

Dragos recently reviewed a series of alleged contracts between the Russian company NTC Vulkan and the Russian Ministry of Defense that were later highlighted in a press article from the Washington Post. These contracts, now commonly referred to as the Vulkan files, describe the measures taken by some adversaries to monitor and manipulate internet communications and signals and, where possible, engage in offensive cyber attacks on critical industrial infrastructure.

Sadly, many industrial OT asset owners have limited access to information on new and emerging threats to industrial control systems (ICS) until it’s too late, and defenders face difficulties knowing how to respond to breaking cybersecurity news. In our public intelligence brief, Dragos Analyzes Russian Programs Threatening Critical Civilian Infrastructure, we share our exclusive analysis of the cyber programs revealed in the NTC Vulkan files leak, and what they mean for ICS/OT operations.  

Dragos Threat Intelligence uncovers emerging threats to industrial control systems by hunting for malicious activity across the external battlespace to meet adversaries where they are, drawing on access to one of the largest ICS/OT data sets available in the industry. Exclusive and complete reporting on the Vulkan files is available to Dragos WorldView customers. Learn more at: www.dragos.com/dragos-threat-intelligence/.

Our Key Findings 

  • Dragos assesses with moderate confidence that the documents reviewed are legitimate and were leaked or stolen from a Russian contracting repository. 
  • It is unlikely that these tools and platforms are exclusively used for testing or training purposes. 
  • Some modules could allow for a range of impacts in rail and petrochemical environments that could result in physical consequences, including damage to physical equipment or the creation of unsafe conditions where injury and loss of life are possible.
  • The capabilities described are consistent with previous attacks attributed to various units of the Russian military's GRU, with tactics, techniques, and procedures (TTPs) overlapping with multiple identified threat groups.

Let us help you break through the hype with actionable defensive recommendations. Download our public intelligence brief for a technical analysis of these cyber programs and their potential impacts on ICS/OT environments. 
