Four years into Ukraine invasion, Russia turns influence-ops back to US and Europe

Security

Not today, Putin

Four years into the Kremlin’s illegal invasion of its neighboring country, Russian influence operations have moved beyond their near-exclusive focus on Ukraine to their former favorite targets: the US and Europe, and especially covert cyber-ops intended to undermine political stability within these countries and the unity between them, according to Google Threat Intelligence.

“This shift is significant because it likely signals increased focus outside of Ukraine, warning that pro-Russia influence activity targeting the European Union (EU), North Atlantic Treaty Organization (NATO), and other top targeting priorities may intensify,” Google threat hunters James Sadowski and Alden Wahlstrom said in a Monday report.

The war in Ukraine helped Russian operatives refine their influence activities, and Moscow’s increasing use of AI for planning, reconnaissance, and content generation “marks a forward trend in pro-Russia IO,” the duo wrote.

The primary objectives of these pro-Russia influence campaigns center around five key goals, all of which aim to advance the Kremlin’s military and political objectives via psychological manipulation – something Russia has been very, very good at throughout history. These key goals include: undermining democracy, dividing Western coalitions, promoting Russia’s image and regional interests, maintaining domestic stability, and repressing political dissent within the country. 

While the campaigns themselves typically involve fake news websites serving up phony political commentary or direct messages disseminating pro-Russian narratives, influence ops frequently coincide with data-wiping malware or other destructive cyberattacks, hack-and-leak campaigns, or direct cyber-espionage, according to the Googlers.

This influence ecosystem spans multiple channels, from official government propaganda and covert intelligence operations to hacktivists and pro-Russian proxies. Oftentimes, the lines between these channels are blurred, making attribution more difficult and giving Moscow plausible deniability for cyber activities.

Plus, Russian cybergroups – like everyone else – are increasingly using AI tools across their entire campaigns to make their cyber operations more efficient. 

Late last month, researchers at WithSecure documented Russia-linked cyber espionage crews using AI tools to help build malware, spin up infrastructure, and craft lures for attacks on Ukrainian targets. The group, tracked as GreyVibe, used OpenAI's ChatGPT, Google's Gemini, and Ideogram AI across almost every stage of its operations since at least August 2025, we’re told.

“As Russia seeks to emerge from international isolation and reorients its influence ecosystem back toward global objectives, it is critical for defenders to understand how this ecosystem provides the Kremlin with a durable influence capability in order to better anticipate future Russian influence threats,” the Googlers noted. ®