Siemens checks employees who previously worked at “Vulkan”

The German concern Siemens has launched an internal investigation into employees who previously worked at the Russian company “Vulkan”. According to the investigation published the day before, this company developed software for the Russian special services of the FSB, SVR and GRU, as well as the Ministry of Defense of Russia. With its help, among other things, cyberattacks were carried out on governmental, parliamentary and public institutions of various Western countries – the authors of the investigations say.

The basis for the investigation was an article in the publication Spiegel, which together with ten mass media from eight countries, including the ZDF TV channel, as well as the Guardian, the Washington Post and the Russian publication “Vazhnye istorii”, conducted an investigation into the documents of the “Vulkan” company. The received media documents contain large-scale project plans, software descriptions, instructions, internal e-mails, as well as information about bank transfers.

Most of the data came from an anonymous source immediately after the start of Russia’s full-scale war in Ukraine, first to the newspaper Süddeutsche Zeitung. Later, the source also sent them to the publication Spiegel. The documents were allegedly obtained from Russian law enforcement agencies. Many Western special services have confirmed their authenticity.

According to the investigation, “Vulkan” developed software for the Russian intelligence services, which allows hacker attacks on critical infrastructure and carries out various sabotages. On the basis of the received media files, it is possible to trace how the Russian special services, with the help of private companies, plan and carry out cyberattacks in different countries of the world. For example, the documents describe a hacker program codenamed “Amezit”, with the help of which, among other things, it is possible to cause trains to crash or stop airport computers. However, based on the obtained data, it is impossible to establish whether this program was used for operations in Ukraine.

Spiegel also points to Vulcan’s connection with the Cozy Bear hacker group, which in the past infiltrated the computer systems of the US Department of Defense and is suspected of hacking attacks on German governmental and parliamentary structures.

Among other things, the files contain information about 90 former “Vulcan” programmers who work in Western concerns. One of the former employees of the Russian enterprise allegedly works at the Siemens concern in Munich. A representative of the concern said today: “We take this case seriously and investigate it.” However, for reasons of personal data protection, the company refused to provide information about the employee’s identity.

The media investigation showed that former Vulcan employees also work in the Booking and Trivago concerns. One of them even holds the position of Senior Software Development Engineer at Amazon Web Services (AWS). At the request of Spiegel, the representative of the concern only said that the safety of its clients has the highest priority. Booking and Trivago did not respond to the publication’s request.