GREYVIBE: Russia-linked group uses AI for cyberespionage against Ukraine

Colleagues — a heads-up for the cybersecurity community: WithSecure has reported on GREYVIBE, active since August 2025 and targeting Ukraine and associated organisations.
- Deploys phishing, fake CAPTCHAs and fraudulent websites (including sham clubs) to distribute PhantomMail, PhantomRelay, LegionRelay and FallSpy.
- Blends state-aligned objectives with ties to the cybercrime ecosystem.
- Leverages generative AI/LLMs to craft obfuscation and tooling, speeding development but introducing implementation flaws.
Why it matters: the hybrid actor profile and AI-enabled tooling complicate detection and response.
What are your thoughts on AI’s role in such operations?
#cybersecurity #threatintelligence #AI #APT

