Ukraine Warns Of Growing Russian Use Of AI In Cyberwar Operations

Uploaded on 2025-02-18 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Defence, FREE TO VIEW

Russia is increasingly using Artificial Intelligence (AI) to analyse data stolen in cyber attacks, making its operations more precise and effective, according to Ukrainian cyber officials. 

Russian hackers have for a long time exfiltrated vast amounts of data from Ukrainian government agencies, military personnel, and ordinary citizens. However, analysing and utilising these large datasets has posed a challenge.

Now, AI is helping to bridge that gap, according to Ihor Malchenyuk, director of the cyberdefense department at Ukraine’s State Service of Special Communications and Information Protection (SSCIP). 

Speaking at the Munich Cyber Security Conference (MCSC) recently, Malchenyuk said that as soon as Russian hackers gain access to a victim’s system, they use machine learning models to filter out what is most essential from the victim’s mailbox. They then use this data to tailor targeted phishing campaigns, he added. 

In the latest example, Ukrainian military personnel have been targeted on encrypted messaging platforms like Signal, receiving highly customisd messages designed to deceive them into clicking malicious links. 

Once accessed, these links can compromise their accounts and expose sensitive information, said Natalia Tkachuk, head of cyber and information security at Ukraine’s National Security and Defence Council. "The attacks are becoming increasingly sophisticated," Tkachuk told Recorded Future News on the sidelines of MCSC. "Hackers now personalise phishing messages with the recipient’s name, military rank, and even official documents they were previously involved with." 

Ukraine is also employing more AI in its cyber security efforts, Tkachuk said, but declined to disclose details. 

According to a recent report by SSCIP, Russian cyberattacks against Ukraine are increasingly focused on cyber-espionage, with attackers using compromised accounts and phishing emails as primary entry points. Ukrainian cyber officials have also observed growing collaboration between Russian state-backed hackers and cybercriminal groups. In these operations, financially motivated hackers infiltrate victims’ systems to steal funds and then pass on access and stolen data to state-sponsored operatives. This data is then analysed using AI, according to Tkachuk. 

Other countries have previously raised similar concerns about the use of AI by Russian threat actors. Earlier in November, British cabinet minister Pat McFadden said that Russia is trying to use AI to enhance cyber attacks against the country’s infrastructure. There is a danger that AI “could be weaponised against us,” McFadden  warned, arguing that the UK is already engaged in the “daily reality” of a “cyber war,” with hacking efforts mostly coming from Russia.

In a 2024 report Microsoft said that state-backed hackers from Russia, China, and Iran have been using tools from OpenAI to support their malicious cyber activities.  

OpenAI said, “Based on collaboration and information sharing with Microsoft, we disrupted five state-affiliated malicious actors: two China-affiliated threat actors known as Charcoal Typhoon and Salmon Typhoon; the Iran-affiliated threat actor known as Crimson Sandstorm; the North Korea-affiliated actor known as Emerald Sleet; and the Russia-affiliated actor known as Forest Blizzard. The identified OpenAI accounts associated with these actors were terminated.” 

According to Microsoft, these threat actors generally sought to use OpenAI services for querying open-source information, translating, finding coding errors, and running basic coding tasks. The identified OpenAI accounts associated with them were terminated, Microsoft said. 

Another way Russian threat actors could use AI is by inserting deepfake voice clips into real videos of politicians, said Ginny Badanes, senior director of Democracy Forward at Microsoft. This strategy is highly effective, as the clips can be difficult to detect, she said.

OpenAI   |   The Record   |  Guardian  |   Ginny Baldanes 

Image: Ideogram

You Might Also Read:

Russian Cyberwar Methods Are Evolving:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Navigating The Latest Paths In Cybersecurity Certification
Backdoor Access To Apple User Data Condemned »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

Sandline Discovery

Sandline Discovery

Sandline Discovery provides digital forensics, eDiscovery solutions, managed review and litigation consulting services.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

ValidSoft

ValidSoft

ValidSoft is a security software company, providing telecommunications-based multi-factor authentication, identity and transaction verification technology.

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo is the UK’s largest cloud and cyber security event.

Hyperwise Ventures

Hyperwise Ventures

Hyperwise Ventures lead seed investments in startups in the cyber security and enterprise software spaces.

Active Countermeasures

Active Countermeasures

Active Countermeasures believe in giving back to the security community. We do this through free training, thought leadership, and both open source and affordable commercial tools.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

Arcturus Security

Arcturus Security

Arcturus is a CREST-approved cyber security consultancy created by experts in the field.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.

NetDescribe

NetDescribe

NetDescribe, part of Xantaro Group, advises and supports companies in building secure and stable IT environments.