Ukraine Warns Of Growing Russian Use Of AI In Cyberwar Operations

Uploaded on 2025-02-18 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Defence, FREE TO VIEW

Russia is increasingly using Artificial Intelligence (AI) to analyse data stolen in cyber attacks, making its operations more precise and effective, according to Ukrainian cyber officials. 

Russian hackers have for a long time exfiltrated vast amounts of data from Ukrainian government agencies, military personnel, and ordinary citizens. However, analysing and utilising these large datasets has posed a challenge.

Now, AI is helping to bridge that gap, according to Ihor Malchenyuk, director of the cyberdefense department at Ukraine’s State Service of Special Communications and Information Protection (SSCIP). 

Speaking at the Munich Cyber Security Conference (MCSC) recently, Malchenyuk said that as soon as Russian hackers gain access to a victim’s system, they use machine learning models to filter out what is most essential from the victim’s mailbox. They then use this data to tailor targeted phishing campaigns, he added. 

In the latest example, Ukrainian military personnel have been targeted on encrypted messaging platforms like Signal, receiving highly customisd messages designed to deceive them into clicking malicious links. 

Once accessed, these links can compromise their accounts and expose sensitive information, said Natalia Tkachuk, head of cyber and information security at Ukraine’s National Security and Defence Council. "The attacks are becoming increasingly sophisticated," Tkachuk told Recorded Future News on the sidelines of MCSC. "Hackers now personalise phishing messages with the recipient’s name, military rank, and even official documents they were previously involved with." 

Ukraine is also employing more AI in its cyber security efforts, Tkachuk said, but declined to disclose details. 

According to a recent report by SSCIP, Russian cyberattacks against Ukraine are increasingly focused on cyber-espionage, with attackers using compromised accounts and phishing emails as primary entry points. Ukrainian cyber officials have also observed growing collaboration between Russian state-backed hackers and cybercriminal groups. In these operations, financially motivated hackers infiltrate victims’ systems to steal funds and then pass on access and stolen data to state-sponsored operatives. This data is then analysed using AI, according to Tkachuk. 

Other countries have previously raised similar concerns about the use of AI by Russian threat actors. Earlier in November, British cabinet minister Pat McFadden said that Russia is trying to use AI to enhance cyber attacks against the country’s infrastructure. There is a danger that AI “could be weaponised against us,” McFadden  warned, arguing that the UK is already engaged in the “daily reality” of a “cyber war,” with hacking efforts mostly coming from Russia.

In a 2024 report Microsoft said that state-backed hackers from Russia, China, and Iran have been using tools from OpenAI to support their malicious cyber activities.  

OpenAI said, “Based on collaboration and information sharing with Microsoft, we disrupted five state-affiliated malicious actors: two China-affiliated threat actors known as Charcoal Typhoon and Salmon Typhoon; the Iran-affiliated threat actor known as Crimson Sandstorm; the North Korea-affiliated actor known as Emerald Sleet; and the Russia-affiliated actor known as Forest Blizzard. The identified OpenAI accounts associated with these actors were terminated.” 

According to Microsoft, these threat actors generally sought to use OpenAI services for querying open-source information, translating, finding coding errors, and running basic coding tasks. The identified OpenAI accounts associated with them were terminated, Microsoft said. 

Another way Russian threat actors could use AI is by inserting deepfake voice clips into real videos of politicians, said Ginny Badanes, senior director of Democracy Forward at Microsoft. This strategy is highly effective, as the clips can be difficult to detect, she said.

OpenAI   |   The Record   |  Guardian  |   Ginny Baldanes 

Image: Ideogram

You Might Also Read:

Russian Cyberwar Methods Are Evolving:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Navigating The Latest Paths In Cybersecurity Certification
Backdoor To Apple User Data Condemned »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

Cryptus Cyber Security

Cryptus Cyber Security

Cryptus Cyber Security is an Information Security Training company providing advanced training and services to IT Professionals.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

Cyber Security Agency of Singapore (CSA)

Cyber Security Agency of Singapore (CSA)

The CSA is the national agency overseeing cybersecurity strategy, operation, education, outreach, and ecosystem development.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

ShieldApps

ShieldApps

ShieldApps comprehensive suite of products is designed to protect your personal devices from privacy threats, including hacking attempts, online tracking, fingerprinting, phishing, malware, and more.

US Coast Guard Cyber Command

US Coast Guard Cyber Command

US Coast Guard Cyber Command’s focus is to ensure the security of our cyberspace, maintain superiority over our adversaries,and safeguard our Nation’s critical maritime infrastructure.

Protexxa

Protexxa

Protexxa is a B2B SaaS cybersecurity platform that leverages Artificial Intelligence to rapidly identify, evaluate, predict, and resolve cyber issues for employees.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

Cynclair

Cynclair

Cybersecurity is a complex beast. And we're the beast-tamers. Our team thrives on deciphering the latest threats, building cutting-edge defenses, and making your digital world much safer.

CyRiSo

CyRiSo

CyRiSo is a cyber security consulting company with a focus on 'as-a-service' services for the most pressing challenges of cyber security.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.

ThoughtSol

ThoughtSol

Thoughtsol help brands grow through Digital Transformation enabling them to leverage the power of IT for an all-embracing impact on their businesses.