**Pro-Ukrainian Hackers Target Russian Defense Firms in Cyber-Espionage Campaign**
A recent cyber-espionage campaign has targeted Russian defense and technology firms, with researchers attributing the attacks to Paper Werewolf (also known as GOFFEE), a pro-Ukrainian hacking group active since 2022. The campaign, uncovered by cybersecurity firm Intezer, employed AI-generated decoy documents to trick employees at organizations involved in air defense and sensitive electronics into opening malicious files.
The attack used sophisticated social engineering tactics, including Russian-language lures such as a fake concert invitation for high-ranking officers and correspondence mimicking Russia’s Ministry of Industry and Trade. Intezer researcher Nicole Fishbein noted that while such intrusions against Russian entities may not be uncommon, visibility into them remains limited.
Oleg Shakirov, a Russian cyber policy researcher, confirmed that pro-Ukrainian hackers frequently target Russian defense companies during the ongoing war. This campaign follows a prior cyberattack by Ukraine’s Defense Intelligence on Gaskar Integration, a Russian UAV supplier, which disrupted its systems and provided access to critical drone production data. The incident highlights the persistent cyber threats facing Russia’s defense sector amid the conflict.
Ministry of Defense of the Russian Federation cybersecurity rating report: https://www.rankiteo.com/company/ministry-of-defense-of-the-russian-federation
"id": "MIN1766174208",
"linkid": "ministry-of-defense-of-the-russian-federation",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Defense, Sensitive Electronics',
'location': 'Russia',
'type': 'Defense and Technology Firms'},
{'industry': 'Defense, Drone Production',
'location': 'Russia',
'name': 'Gaskar Integration',
'type': 'UAV Supplier'}],
'attack_vector': 'Malicious Files (Decoy Documents)',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Technical data, Sensitive '
'electronics and air defense '
'information, Drone production '
'data'},
'date_publicly_disclosed': '2023-12-19',
'description': 'Russian defense and technology firms were targeted in a '
"cyber-espionage campaign linked to the 'Paper Werewolf' "
'(GOFFEE) hacking group, believed to be pro-Ukrainian. The '
'campaign used AI-generated decoy documents to deceive '
'employees into opening malicious files.',
'impact': {'data_compromised': 'Technical data related to air defense and '
'sensitive electronics',
'operational_impact': 'Disruption of systems (in case of Gaskar '
'Integration)'},
'initial_access_broker': {'entry_point': 'AI-generated decoy documents, '
'Phishing lures (e.g., concert '
'invitations, ministry '
'correspondence)',
'high_value_targets': 'High-ranking officers, '
'Defense and technology '
'firms'},
'investigation_status': 'Ongoing',
'motivation': 'Espionage, Gathering Intelligence on Russian Defense '
'Capabilities',
'post_incident_analysis': {'root_causes': 'Use of AI-generated decoy '
'documents, Social engineering '
'(phishing lures)'},
'references': [{'date_accessed': '2023-12-19', 'source': 'Reuters'},
{'date_accessed': '2023-12-19', 'source': 'Intezer'}],
'response': {'third_party_assistance': 'Intezer (Cybersecurity Firm)'},
'threat_actor': 'Paper Werewolf (GOFFEE)',
'title': 'Cyber-Espionage Campaign Targeting Russian Defense and Technology '
'Firms',
'type': 'Cyber-Espionage'}