Russian State-Backed Hackers Employ AI-Powered Cyberattacks Against Ukraine
Russian state-backed threat actors have increasingly leveraged artificial intelligence to enhance the sophistication and effectiveness of their cyberattacks targeting Ukraine. According to Ukraine's Computer Emergency Response Team (CERT-UA), these hackers have utilized AI not only to craft more convincing phishing messages but also to develop advanced malware, such as the Wrecksteel backdoor associated with the UAC-0219 cyberespionage operation. AI-based PowerShell scripts have been observed as part of these campaigns, enabling more dynamic and adaptive attack techniques.
The attackers have shifted their tactics to favor shorter, high-impact attacks using information-stealing tools and the exploitation of zero-click vulnerabilities, rather than focusing on maintaining long-term persistence within networks. These cyber intrusions are often synchronized with physical missile and drone strikes, amplifying the overall disruption to Ukrainian infrastructure and defenses. CERT-UA has noted a significant increase in both the frequency and complexity of these cyberattacks as the conflict continues.
In July, CERT-UA discovered Russian malware that leveraged large language models (LLMs) to automate various stages of the cyberattack process, including system reconnaissance and data theft. This use of AI allowed attackers to generate commands in real-time, making their operations more efficient and harder to detect. The integration of AI into cyber operations has enabled Russian hackers to adapt quickly to Ukraine's increasingly robust cybersecurity measures. The attackers' use of AI extends to automating the entire attack chain, from initial reconnaissance to credential harvesting and even extortion communications. These developments represent a significant escalation in the cyber dimension of the conflict, as AI-driven attacks can operate at computer speeds and scale, outpacing traditional defensive measures.
The synchronization of cyber and kinetic attacks demonstrates a coordinated strategy aimed at maximizing disruption and psychological impact. Ukrainian officials have emphasized that despite the increased volume and sophistication of attacks, the primary objectives of the Russian campaign have not been achieved. The ongoing use of AI in cyber operations highlights the evolving nature of modern warfare, where digital and physical domains are increasingly intertwined. The threat posed by AI-powered cyberattacks is not limited to Ukraine, as the techniques and tools developed in this conflict may be adopted by other state and non-state actors in future operations. The rapid advancement of AI capabilities in the hands of threat actors underscores the urgent need for equally advanced AI-assisted cyberdefense strategies. As the conflict persists, the cyber battlefield is expected to remain highly dynamic, with both sides racing to outpace each other's technological innovations.

How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
CERT-UA describes shift to shorter, theft-focused intrusions
CERT-UA assessed that Russian operators had shifted away from long-term persistence toward shorter intrusions focused on data theft, information-stealing tools, and exploitation of zero-click vulnerabilities. The report also said these cyber operations were being coordinated with missile and drone strikes to maximize disruption.
CERT-UA links AI-assisted malware to UAC-0219's Wrecksteel activity
CERT-UA said it observed AI-based PowerShell scripts in the Wrecksteel backdoor associated with the UAC-0219 cyberespionage operation. The disclosure provided technical detail on how AI was being incorporated into malware used in the campaign.
CERT-UA reports Russian hackers using AI in attacks on Ukraine
Ukraine’s Computer Emergency Response Team (CERT-UA) reported that Russian state-backed threat actors had increased their use of AI-enabled cyberattacks against Ukrainian targets. The agency said AI was being used to improve phishing lures and assist malware development as attackers adapted to Ukraine’s strengthened defenses.


