Theregister
GREYVIBE: AI-Driven Cyberattacks Targeting Ukraine by Russian Hackers
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The GREYVIBE group, a previously unknown Russian hacking entity, has been actively targeting Ukrainian military, government, and civilian sectors since August 2025. Utilizing sophisticated AI tools like ChatGPT and Google Gemini, GREYVIBE has executed multiple campaigns involving spear-phishing emails, fake CAPTCHA pages, and fraudulent adult websites to deliver malware. Key malware tools include PhantomRelay, LegionRelay, and FallSpy, which facilitate espionage and data theft. The group has shown a blend of state-sponsored and cybercriminal tactics, indicating a lack of operational discipline. Despite their advanced use of AI, GREYVIBE has made significant operational security mistakes, exposing parts of their infrastructure. Their activities align closely with Russian state interests, particularly in the context of the ongoing conflict with Ukraine.
Key Points: • GREYVIBE has targeted Ukrainian entities since August 2025 using AI-generated lures. • The group employs malware like PhantomRelay and FallSpy for espionage and data theft. • Despite advanced tactics, GREYVIBE's operational security is compromised by significant mistakes.