Ukraine Warns Of Growing Russian Use Of AI In Cyberwar Operations

Uploaded on 2025-02-18 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Defence, FREE TO VIEW

Russia is increasingly using Artificial Intelligence (AI) to analyse data stolen in cyber attacks, making its operations more precise and effective, according to Ukrainian cyber officials. 

Russian hackers have for a long time exfiltrated vast amounts of data from Ukrainian government agencies, military personnel, and ordinary citizens. However, analysing and utilising these large datasets has posed a challenge.

Now, AI is helping to bridge that gap, according to Ihor Malchenyuk, director of the cyberdefense department at Ukraine’s State Service of Special Communications and Information Protection (SSCIP). 

Speaking at the Munich Cyber Security Conference (MCSC) recently, Malchenyuk said that as soon as Russian hackers gain access to a victim’s system, they use machine learning models to filter out what is most essential from the victim’s mailbox. They then use this data to tailor targeted phishing campaigns, he added. 

In the latest example, Ukrainian military personnel have been targeted on encrypted messaging platforms like Signal, receiving highly customisd messages designed to deceive them into clicking malicious links. 

Once accessed, these links can compromise their accounts and expose sensitive information, said Natalia Tkachuk, head of cyber and information security at Ukraine’s National Security and Defence Council. "The attacks are becoming increasingly sophisticated," Tkachuk told Recorded Future News on the sidelines of MCSC. "Hackers now personalise phishing messages with the recipient’s name, military rank, and even official documents they were previously involved with." 

Ukraine is also employing more AI in its cyber security efforts, Tkachuk said, but declined to disclose details. 

According to a recent report by SSCIP, Russian cyberattacks against Ukraine are increasingly focused on cyber-espionage, with attackers using compromised accounts and phishing emails as primary entry points. Ukrainian cyber officials have also observed growing collaboration between Russian state-backed hackers and cybercriminal groups. In these operations, financially motivated hackers infiltrate victims’ systems to steal funds and then pass on access and stolen data to state-sponsored operatives. This data is then analysed using AI, according to Tkachuk. 

Other countries have previously raised similar concerns about the use of AI by Russian threat actors. Earlier in November, British cabinet minister Pat McFadden said that Russia is trying to use AI to enhance cyber attacks against the country’s infrastructure. There is a danger that AI “could be weaponised against us,” McFadden  warned, arguing that the UK is already engaged in the “daily reality” of a “cyber war,” with hacking efforts mostly coming from Russia.

In a 2024 report Microsoft said that state-backed hackers from Russia, China, and Iran have been using tools from OpenAI to support their malicious cyber activities.  

OpenAI said, “Based on collaboration and information sharing with Microsoft, we disrupted five state-affiliated malicious actors: two China-affiliated threat actors known as Charcoal Typhoon and Salmon Typhoon; the Iran-affiliated threat actor known as Crimson Sandstorm; the North Korea-affiliated actor known as Emerald Sleet; and the Russia-affiliated actor known as Forest Blizzard. The identified OpenAI accounts associated with these actors were terminated.” 

According to Microsoft, these threat actors generally sought to use OpenAI services for querying open-source information, translating, finding coding errors, and running basic coding tasks. The identified OpenAI accounts associated with them were terminated, Microsoft said. 

Another way Russian threat actors could use AI is by inserting deepfake voice clips into real videos of politicians, said Ginny Badanes, senior director of Democracy Forward at Microsoft. This strategy is highly effective, as the clips can be difficult to detect, she said.

OpenAI   |   The Record   |  Guardian  |   Ginny Baldanes 

Image: Ideogram

You Might Also Read:

Russian Cyberwar Methods Are Evolving:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Navigating The Latest Paths In Cybersecurity Certification
Backdoor Access To Apple User Data Condemned »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManagedMethods

ManagedMethods

ManageMethods Cloud Access Monitor is the only Cloud Access Security Broker (CASB) that can be deployed in minutes, with no special training, and with no impact on users or networks.

Certes

Certes

Certes is a pioneer in delivering cutting-edge security technology solutions, with a specific focus on Data Protection Risk Mitigation (DPRM).

Digital Hands

Digital Hands

Digital Hands is an award-winning managed security services provider.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

CryptoSec.info

CryptoSec.info

CryptoSec.info is a web resource focused on educating the beginners in the cryptocurrency space on how to properly secure their online assets from hackers and scammers.

RISE

RISE

RISE is an independent, State-owned research institute, which offers unique expertise and over 100 testbeds and demonstration environments for future-proof technologies, products and services.

Automox

Automox

Remediate vulnerabilities 30X faster than the industry norm – and dramatically reduce your risk with simple, fast, and cloud-native endpoint hardening from Automox.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

CyberGuard Technologies

CyberGuard Technologies

CyberGuard Technologies provides a suite of fully managed end-to-end security services from its 24/7 UK security operations centre.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Infuse Technology

Infuse Technology

Infuse Technology provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

AdvIntel

AdvIntel

AdvIntel is a next-generation threat prevention and loss prevention company launched by a team of certified investigators, reverse engineers, and security experts.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.