August 1, 2025 | Policy Brief
Russian Cyber Threat Group Uses AI-Guided Malware
Hackers are now using AI to guide attacks in real time. In a statement that initially attracted little attention among Western analysts, Ukraine’s national cybersecurity agency warned on July 17 that a Russian cyber threat group, known as APT28, is using AI in a novel way as part of its cyberattacks. Once the hackers gain access to their target, the AI instructs the malware how to move through the network and disrupt, destroy, or steal information. This more adaptive methodology makes it harder for defenders to detect and thwart attacks.
AI Is Reshaping the Cyber Threat Landscape
The Computer Emergency Response Team of Ukraine (CERT-UA) warned that during an operation in mid-July, the Russian hackers configured their malware to query AI in real time on what it should do next once inside Ukrainian networks. Instead of following static, pre-coded instructions, the malware asked the model for new actions based on its environment, allowing it to adapt on the fly.
Cybercriminals have been increasingly leveraging AI to scale operations. At the February 2025 Munich Security Conference, Western and Ukrainian officials warned that Russian hackers are relying on AI to process large volumes of stolen data and improve attack precision. An April 2025 threat report by cloud security company Zscaler confirmed that adversaries now use generative AI to bypass security systems and craft more convincing phishing scams. One emerging cybercriminal group, FunkSec, uses generative AI to develop advanced malware for less experienced hackers, making cybercrime more accessible than ever.
Public large language model (LLM) hubs have accelerated this shift. These platforms, originally intended to promote research and innovation, now offer easy access to downloadable models that hackers can repurpose for attacks. Dark web forums are compounding this problem by promoting low-cost tools like FraudGPT and ChaosGPT, which help attackers generate malicious code and execute advanced scams.
New LLMs Evade Traditional Detection Methods
Unlike previous cases where hackers have leveraged AI to generate phishing emails or assist in coding malware, APT28 integrated AI directly into the command-and-control phase of its attack. During the incident, the malware actively reached out to Qwen2.5-Coder-32B-Instruct, a large language model of Chinese origin, publicly available on the LLM hub Hugging Face, to request and receive tailored instructions. The model responded with custom code that the malware executed immediately.
The attack marks a concerning shift in the cyber threat landscape: Instead of relying on direct operator involvement, adversaries can now outsource command logic to public AI platforms. Because this type of malware can change behavior quickly, traditional detection methods that rely on known code or behavior patterns often fail. Each intrusion looks different and leaves behind few consistent traces. This adaptability complicates post-incident analysis, giving defenders no predictable sequence of events to investigate.
The U.S. Should Modernize Cyber Defenses for the Age of AI
The incident exposes the growing risk posed by open-source LLMs, especially those developed in adversarial countries with minimal safeguards. Platforms like Hugging Face allow threat actors easy access to advanced Chinese models, which foes can exploit for sophisticated attacks.
To mitigate this risk, the United States should require that the most sophisticated AI models undergo review by the Cybersecurity and Infrastructure Security Agency’s AI Security Initiative or a comparable authority before public release. Developers should demonstrate that sufficient security measures are in place. The AI Security Initiative should consider conducting independent testing of models that adversaries can exploit for malicious purposes. Additionally, while Washington cannot regulate foreign models, it should work with open-source platforms to flag, monitor, and restrict malicious use — especially for high-risk models.
While APT28 appears to have used its malware for espionage, similar malware could conduct destructive attacks against critical infrastructure. Without immediate investment in behavior-based detection and AI-aware defense tools, adversaries will continue to conduct scalable, evasive, and high-impact operations. Governments and cybersecurity providers should develop behavior-based threat detection and LLM-aware analytics that can recognize malicious activity rapidly. Without these systemic upgrades, state and non-state actors will continue exploiting open-source AI to outpace even the most sophisticated cyber defenses.
Leah Siskind is the director of impact and an AI research fellow at the Foundation for Defense of Democracies (FDD). Maria Riofrio and Mariam Lomtadze are interns at the Center on Cyber and Technology Innovation (CCTI) at FDD. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.