Vulkan, the Russian security service provider, several hundred of whose internal documents Le Monde and its partners were able to consult, does not only design information control tools. The company has also developed at least one tool intended for the preparation of cyberattacks. Called “Skan” (“scanner”), it is designed to automatically explore the Internet to detect security vulnerabilities, and to archive all documented vulnerabilities in a gigantic database.
Skan is “a database, which focuses both on the mapping of telecommunications equipment and the software configuration of this equipment, and on the mapping of vulnerabilities”, explains Félix Aimé, head of threat analysis for the French cybersecurity company Sekoia. Tools of this type are designed to facilitate the preparatory steps for a computer attack, for example by making it possible to identify a server whose software is not up to date, or even to recover the e-mail address of a senior company official to whom a booby-trapped message will then be sent.
By the very nature of the tool, it is impossible to know if, and for which cyberattacks, Skan could have been used. Vulkan documents show, however, that its development, which began in 2018, was sufficiently mature in 2020 for company employees to demonstrate it to representatives of the Russian army. The documents do not make it possible to determine with certainty which specific units or services its use was intended for, but an exchange of emails dated 2020 nevertheless mentions the installation of servers dedicated to this project “at Khimki”, a suburb of Moscow. This is where the headquarters of Sandworm, the GRU unit in charge of cyberoffensive operations, is located.
An offensive tool
There is little doubt about the offensive nature of the tool: the examples that appear in its technical documentation are all located outside the Russian Federation. In particular, there is a computer server located in Fairfield, in the State of Connecticut (United States), and computer routers in North Korea.
Tools similar to Skan are presumably used by most intelligence services around the world, and the technical details of the project do not show a particularly high degree of sophistication: it draws heavily on freely available resources for finding security flaws that are well known to specialists in the sector, such as the search engine Shodan. The sources of information to be harvested that are presented in the documents, some of which today seem very dated, are a potpourri of what a group of hackers might want in order to prepare an attack. Skan, for example, ingests lists of expired domain names, a useful tool for reusing the technical infrastructure of other players and thus covering one's tracks.