From phishing to malware: AI becomes Russia's new cyberweapon in the war against Ukraine
In the first half of 2025, Russian hackers took the use of artificial intelligence in cyberattacks against Ukraine to a new level.
"The use of artificial intelligence in cyberattacks has reached a new level. Now hackers are using it not only to generate phishing messages, but also to create malicious programs. We have studied a number of viruses that have clear signs that they were generated using AI, and attackers will definitely not stop there," says the report of the State Special Communications Service for the first six months of 2025.
During this period, 3,018 cyber incidents were recorded, compared to 2,575 in the second half of 2024. The number of attacks on local authorities and military facilities increased, while attacks on the government and energy sectors decreased.
One of the most notable AI-based attacks recorded was carried out by the UAC-0219 group, which used the WRECKSTEEL malware in attacks targeting government agencies and critical infrastructure in the country. There is reason to believe that the attackers are using artificial intelligence to generate PowerShell scripts. CERT-UA first recorded this group's activity in the first half of 2025, although signs of this threat cluster's activity date back to the fall of 2024.
The first half of 2025 was not without cyberattacks by the UAC-0002 (Sandworm, APT44) group, which is a unit of the General Staff of the Russian Federation (formerly known as the GRU).
Russian intelligence agencies continued to prioritize energy sector organizations, but defense-industrial complex organizations, telecommunications service providers, and even research institutions were also targeted.
"The largest cyberattack with the most tangible consequences was the attack on JSC Ukrzaliznytsia. However, the enemy did not manage to disrupt the stable movement of trains, although some services, in particular ticket sales, had to be temporarily taken offline. During this, in essence, terrorist attack, hackers from the Russian Federation used unique malicious software and methods of its delivery, developed taking into account the specifics of the enterprise's infrastructure," the report says.