Pro-Ukrainian Cyber Group Exploits AI Tools to Infiltrate Russian Defense Contractors

A number of Russian defense contractors that focus on air defense, advanced electronics, and various types of weaponry have come under attack from a pro-Ukrainian cyberespionage group utilizing AI-generated documents as bait, as reported by Reuters on Friday.

The intrusions, uncovered by the U.S.-based cybersecurity firm Intezer, are believed to have been executed by a group known as Paper Werewolf or GOFFEE, according to senior security researcher Nicole Fishbein’s statement to Reuters.

Active since 2022, this group primarily targets Russian entities and is regarded as pro-Ukrainian in cybersecurity communities.

In one notable case, the group sent a document that mimicked an invitation to a concert aimed at senior military officials, which appeared to have been generated by artificial intelligence.

Additionally, another document masqueraded as a request from Russia’s Industry and Trade Ministry, seeking justification for pricing in accordance with government pricing regulations.

Fishbein commented that the use of AI-generated documents by Paper Werewolf illustrates how «readily available AI tools can be redirected for harmful purposes,» emphasizing that «emerging technologies can make it easier to conduct complex attacks, and that the real issue lies in their misuse rather than the technology itself.»

Oleg Shakirov, a researcher specializing in Russian cybersecurity policies, informed Reuters that the selection of their targets indicates the attackers’ keen interest in Russia’s defense sector.

Gaining access to confidential information from major defense contractors could potentially expose details on «everything from the specifications of air defense systems to defense supply chains and research and development processes,» he noted.