Ukraine Warns Of Growing Russian Use Of AI In Cyberwar Operations

Russia is increasingly using Artificial Intelligence (AI) to analyse data stolen in cyber attacks, making its operations more precise and effective, according to Ukrainian cyber officials. 

Russian hackers have for a long time exfiltrated vast amounts of data from Ukrainian government agencies, military personnel, and ordinary citizens. However, analysing and utilising these large datasets has posed a challenge.

Now, AI is helping to bridge that gap, according to Ihor Malchenyuk, director of the cyberdefense department at Ukraine’s State Service of Special Communications and Information Protection (SSCIP). 

Speaking at the Munich Cyber Security Conference (MCSC) recently, Malchenyuk said that as soon as Russian hackers gain access to a victim’s system, they use machine learning models to filter out what is most essential from the victim’s mailbox. They then use this data to tailor targeted phishing campaigns, he added. 

In the latest example, Ukrainian military personnel have been targeted on encrypted messaging platforms like Signal, receiving highly customisd messages designed to deceive them into clicking malicious links. 

Once accessed, these links can compromise their accounts and expose sensitive information, said Natalia Tkachuk, head of cyber and information security at Ukraine’s National Security and Defence Council. "The attacks are becoming increasingly sophisticated," Tkachuk told Recorded Future News on the sidelines of MCSC. "Hackers now personalise phishing messages with the recipient’s name, military rank, and even official documents they were previously involved with." 

Ukraine is also employing more AI in its cyber security efforts, Tkachuk said, but declined to disclose details. 

According to a recent report by SSCIP, Russian cyberattacks against Ukraine are increasingly focused on cyber-espionage, with attackers using compromised accounts and phishing emails as primary entry points. Ukrainian cyber officials have also observed growing collaboration between Russian state-backed hackers and cybercriminal groups. In these operations, financially motivated hackers infiltrate victims’ systems to steal funds and then pass on access and stolen data to state-sponsored operatives. This data is then analysed using AI, according to Tkachuk. 

Other countries have previously raised similar concerns about the use of AI by Russian threat actors. Earlier in November, British cabinet minister Pat McFadden said that Russia is trying to use AI to enhance cyber attacks against the country’s infrastructure. There is a danger that AI “could be weaponised against us,” McFadden  warned, arguing that the UK is already engaged in the “daily reality” of a “cyber war,” with hacking efforts mostly coming from Russia.

In a 2024 report Microsoft said that state-backed hackers from Russia, China, and Iran have been using tools from OpenAI to support their malicious cyber activities.  

OpenAI said, “Based on collaboration and information sharing with Microsoft, we disrupted five state-affiliated malicious actors: two China-affiliated threat actors known as Charcoal Typhoon and Salmon Typhoon; the Iran-affiliated threat actor known as Crimson Sandstorm; the North Korea-affiliated actor known as Emerald Sleet; and the Russia-affiliated actor known as Forest Blizzard. The identified OpenAI accounts associated with these actors were terminated.” 

According to Microsoft, these threat actors generally sought to use OpenAI services for querying open-source information, translating, finding coding errors, and running basic coding tasks. The identified OpenAI accounts associated with them were terminated, Microsoft said. 

Another way Russian threat actors could use AI is by inserting deepfake voice clips into real videos of politicians, said Ginny Badanes, senior director of Democracy Forward at Microsoft. This strategy is highly effective, as the clips can be difficult to detect, she said.

OpenAI   |   The Record   |  Guardian  |   Ginny Baldanes 

Image: Ideogram

You Might Also Read:

Russian Cyberwar Methods Are Evolving:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Navigating The Latest Paths In Cybersecurity Certification
Backdoor Access To Apple User Data Condemned »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

General Dynamics Information Technology (GDIT)

General Dynamics Information Technology (GDIT)

General Dynamics IT delivers cyber security services to defend critical information and infrastructure.

Telesoft Technologies

Telesoft Technologies

Telesoft Technologies is a global provider of cyber security, telecom and government infrastructure products and services.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

Hyperion Gray

Hyperion Gray

Hyperion Gray are a small research and development team focused on innovative work in a variety of areas including Software & Security Research, Penetration Testing, Incident Response, and Red Teaming

HarfangLab

HarfangLab

HarfangLab develops a hunting software to boost detection and neutralization of cyberattacks against companies endpoints.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

SecurEyes

SecurEyes

SecurEyes is a leading cybersecurity firm that provides specialised services, including cybersecurity assessments, managed services, and governance risk and compliance services.

HLB System Solutions

HLB System Solutions

HLB System Solutions: Empowering businesses with proactive IT management, consulting, security, and cloud solutions. Seamless tech for growth!

Mode

Mode

Mode is an out-of-band communication and crisis collaboration platform. One platform to manage your cyber crisis response. Stay connected when it's needed most.

Vulnify

Vulnify

At Vulnify, we’re revolutionizing the way businesses identify and manage security vulnerabilities.