Pro-Ukrainian hackers use fake AI documents to infiltrate Russian defence industry
Occurred: 2025
Page published: January 2026
A pro-Ukrainian cyber-espionage group leveraged AI to craft realistic fake documents that were used to infiltrate Russian defence contractors in an effort to gain sensitive information.
Several Russian defence and technology companies were targeted by a cyber-espionage campaign that used AI-generated documents as social-engineering tools to gain unauthorised access and extract information.
These "decoy" documents were designed to appear legitimate, including fake invitations to events and communications purportedly from the Russian Ministry of Industry and Trade, to entice employees at defence firms to open them.
The operation is attributed to a hacking collective known within the cybersecurity community as “Paper Werewolf” or GOFFEE, an actor that has been active since at least 2022 and generally focuses its operations on Russian targets.
The activity was uncovered by analysts at cybersecurity firm Intezer, which publicly disclosed the findings through Reuters and other outlets.
The campaign appears motivated by the ongoing conflict between Russia and Ukraine, with pro-Ukrainian actors seeking strategic advantage through intelligence collection on critical defence supply chains, research processes and military industry operations.
The use of AI tools to generate convincing decoy documents illustrates how accessible generative technologies have been repurposed for sophisticated cyber-espionage. These tools lower the bar for creating credible, targeted social-engineering lures.
The fact that publicly available AI systems can be used to produce high-quality forgeries underscores broader challenges in cyber-defence linked to technology misuse.
For the intended victims, it is unclear whether the attack successfully resulted in the theft of confidential documents. However, it will have sent a message that these kinds of operations can potentially degrade operational security.
Unknown
Developer:
Country: Russia
Sector: Govt - defence
Purpose: Create fake documents
Technology: Generative AI
Issue: Confidentiality; Security
AIAAIC Repository ID: AIAAIC2180