February 20, 2025 | Policy Brief

Russia’s AI-Powered Cyberattacks Threaten to Outpace Western Defenses

Russia is increasingly leveraging artificial intelligence to refine its cyber espionage and enhance attack precision, warned Western officials at the Munich Security Conference this past weekend. Ihor Malchenyuk of Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) reported that Russia has also been using AI to process the vast amounts of data on Ukraine’s military and ordinary citizens — data that its hackers have stolen over the past few years. Russia’s use of AI as part of its cyberattacks on Ukraine likely indicates what the United States and its partners will face in the coming years.

Russia’s Evolving Cyberattacks on Ukraine

Cyberattacks have long been a feature of Russia’s war in Ukraine. In December 2024, for example, Russian cyberattacks on Ukraine’s state registries disrupted essential services for weeks. Last year, Ukrainian cyber defenders identified and mitigated 1,042 cyber incidents targeting government agencies and critical infrastructure. These operations continue to include espionage, psychological warfare, and financial theft.

What is novel is that Russian hackers are increasingly targeting digital spaces critical to the success of their military operations, the SSSCIP reports. Previous reports, such as a July 2022 assessment from the Canadian Centre for Cyber Security, noted a convergence in the timeline of cyber and kinetic attacks, but SSSCIP’s assessment is that there is also a convergence of mission.

Russian hackers have also figured out how to compromise supposedly secure communication channels. Google researchers revealed on February 19 that Russian military intelligence cyber operatives have infiltrated Signal messenger accounts used by Ukrainian troops, including by working with Russian frontline military personnel to exploit captured devices, allowing them to monitor battlefield communications. Signal is widely regarded as a gold standard for secure messaging because of its end-to-end encryption and minimal data collection. Yet Russian hackers discovered workarounds. Google warned that the tactics Russia used to target Signal will likely “grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.”

AI Is Making Cyberattacks Worse

Russia’s recent use of AI-enhanced cyberattacks is turning theoretical concerns into reality. British intelligence warned last year, for example, that AI will help accelerate automated reconnaissance, large-scale data analysis, and real-time adaptation of attack strategies. Offensive cyber operations, which traditionally require years of preparation, will become more scalable. Last month, the cybersecurity company CrowdStrike similarly cautioned that AI will accelerate the execution of complex attacks by minimizing human involvement. AI will allow attackers to identify vulnerabilities with unprecedented accuracy and to craft highly personalized phishing emails, CrowdStrike continued. Most concerningly, the cybersecurity firm noted, AI-driven malware powered by reinforcement learning will continuously evolve, making detection and attribution significantly more challenging.

In addition to the instances in Ukraine, OpenAI reported last year that Russian cyber operatives used its platform to research satellite communication protocols — presumably for the purpose of corrupting them — and radar imaging technology. The hackers also used OpenAI for some of their coding. While OpenAI shut down the accounts the operatives were using, the announcement earlier this month from Russia’s Sberbank that it plans to conduct joint research projects with China’s DeepSeek means that Washington cannot count on Western tech platforms to address adversarial use of AI. Indeed, Sberbank itself launched a chatbot in 2023.

Strength in Numbers: Partnerships Can Help the West Outpace Russia’s AI Hackers

To date, the partnerships between Western technology companies and Ukrainian cyber defenders — relationships often facilitated and supported by the U.S. government and nonprofits — have been instrumental to the country’s resilience in the face of Russia’s cyber onslaught. As the Trump administration seeks to end the war, the collaboration to bolster Ukrainian cyber defenses must continue. In the lead-up to Russia’s invasion, collaboration between Ukraine and U.S. Cyber Command yielded insights about Russian tactics that have helped protect American critical infrastructure.

Russian cyberattacks on Ukraine predated the war and will likely continue after. Sustained cyber partnerships will help Washington understand evolving tactics and supply American companies with information to face down assaults from cyber criminals.

Annie Fixler is a research fellow at the Foundation for Defense of Democracies (FDD) and the director of FDD’s Center on Cyber and Technology Innovation (CCTI). Ania Uzieblo is an intern with FDD’s Russia Program. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.

Issues:

Cyber Russia Ukraine

Topics:

Russia Washington China United Kingdom Donald Trump Ukraine Google Artificial intelligence United States Cyber Command Munich Security Conference