TheVulkan files are a leaked set of emails, and other documents, implicating the Russian companyNTC Vulkan (Russian:НТЦ Вулкан) in acts ofcybercrime, political interference in foreign affairs (such as in the2016 United States presidential election) throughsocial media, censorship of domestic social media, andespionage, in collusion with Russia'sFederal Security Service (FSB), their armed forces (GOU andGRU); andForeign Intelligence Service (SVR).^{[1][2][3][4][5]} The files date from 2016 to 2021.^[1]

The company NTC Vulkan was founded by Anton Markov and Alexander Irzhavsky in 2010.^[1] Both are graduates of St Petersburg military academy and have served in the Russian army, with Markov reaching the rank of captain and Irzhavsky reaching the rank of major.^[1]

Vulkan received special licences to work on classified military and state projects from 2011.^[1]

It has more than 120 staff, 60 of who are programmers,^[1] and describes its speciality as information security.^[1] It listsSberbank,Aeroflot andRussian Railways as customers.^[1]

The documents, numbering in their thousands, were leaked to the German newspaperSüddeutsche Zeitung within days of the 24 February 2022Russian invasion of Ukraine by awhistleblower who opposed that war,^[1] and were analysed by journalists from that publication andThe Guardian,Le Monde andWashington Post, with several other media outlets, as part of a consortium led byPaper Trail Media andDer Spiegel.^[1][6][3] The consortium published the first details of its investigation on 30 March 2023.^[2][3]

Five Western intelligence agencies and several independent cybersecurity experts authenticated the files.^[1][7][3]

The documents link Vulkan to theGRU run hacker groupSandworm.^[1][3] Vulkan was contracted to write software called Scan-V to support searching for weak spots in systems to be targeted.^[3][1] Scan-V was commissioned in May 2018.^[1]

The documents link Vulkan to theCozy Bear hacker group, according toGoogle researchers.^[1][3]

Vulkan won an initial contract to create a system called Amezit in 2016.^[1] Amezit is designed to allow control of and interception of internet, wireless and mobile communications.^[1][8] In 2018 some employees went in connection to Amezit toRostov-on-Don to visit the Radio Research Institute, which is linked to theFederal Security Service.^[1] It is not known if it has been used in parts of Ukraine occupied by the Russian Army.^[1]

• "Putins Krieg im Netz [Putin's Cyber-War]".Der Spiegel (in German). Hamburg, Germany.

• 2023 in international relations
• 21st-century military history of Russia
• Cybercrime
• Data journalism
• Investigative journalism
• Whistleblowing
• Propaganda in Russia
• Foreign relations of Russia
• Russian intelligence operations
• Russian interference in the 2016 United States elections
• Russian interference in British politics
• Russo-Ukrainian war
• Russia–NATO relations
• Federal Security Service
• GRU
• The Guardian
• Der Spiegel
• Süddeutsche Zeitung
• Vladimir Putin
• News leaks

• Articles with short description
• Short description is different from Wikidata
• Use dmy dates from March 2023
• Use British English from March 2023
• All Wikipedia articles written in British English
• Articles containing Russian-language text
• Articles containing German-language text
• Articles containing French-language text
• CS1 German-language sources (de)