DETROIT / SEOUL – Russian technology and defense companies specializing in air defense, sensitive electronics, and other critical defense applications have recently been targeted by sophisticated cyber espionage campaigns leveraging AI-generated decoy documents, cybersecurity researchers report.

According to a detailed analysis by cybersecurity firm Intezer, the attacks showcase how easily artificial intelligence tools can be exploited for high-stakes cyber operations. Senior security researcher Nicole Fishbein, lead author of the Intezer report, highlighted that the campaign offers a rare and detailed insight into cyber espionage specifically aimed at Russian defense contractors.

The hacking operation, attributed to the group known as Paper Werewolf (also referred to as GOFFEE), has been active since 2022 and is widely believed to be pro-Ukrainian. The group’s operations have historically targeted Russian organizations across government, energy, finance, and telecommunications sectors. The latest campaign appears to extend its focus to major defense contractors, underlining a strategic interest in Russia’s military industry.

AI-Generated Decoy Documents Used in the Attack

Researchers discovered that the hackers employed AI to create realistic decoy documents. In one instance, a document falsely presented an invitation to a concert for high-ranking military officers, while another document mimicked correspondence from the Russian Ministry of Industry and Trade, requesting justification for government pricing regulations. Fishbein emphasized that the campaign demonstrates how accessible AI tools can be repurposed for malicious purposes, lowering the barrier for conducting complex cyberattacks.

Oleg Shakirov, a Russian cyber policy analyst, noted that access to these defense contractors could provide attackers with sensitive information about military production, including scopes, air defense systems, research and development processes, and supply chains. While espionage targeting Russian military firms is not unprecedented, this campaign highlights an escalation in the use of AI and digital tactics to gain intelligence during the ongoing Russia-Ukraine conflict.

Implications for Cybersecurity and Geopolitics

The attacks coincided with delicate peace negotiations involving Russia, Ukraine, and Western allies. While it remains unclear whether Paper Werewolf is acting independently or in coordination with a nation-state, some cybersecurity experts suggest links between this group and previously identified pro-Ukrainian campaigns, including Cloud Atlas, known for targeting pro-Russian entities in Eastern Europe and Central Asia.

Fishbein emphasized that the misuse of AI for cyber espionage illustrates the evolving nature of cyber warfare. “Emerging technologies like AI do not pose risks by themselves. It is their misuse in operations like these that creates sophisticated threats,” she said.

The campaign also sheds light on the ongoing digital dimension of the Russia-Ukraine conflict, where cyberattacks complement traditional military strategies. Analysts predict that as AI tools become more sophisticated, cyber espionage campaigns against defense and critical infrastructure organizations worldwide may increase, necessitating stronger cybersecurity measures.