GREYVIBE: AI-Driven Cyberattacks Targeting Ukraine by Russian Hackers

GREYVIBE: AI-Driven Cyberattacks Targeting Ukraine by Russian Hackers

First seen 29 May 2026, 12:55 UTC Bleepingcomputerlabs.withsecure.comGbhackersTheregisterDev.Ua+5 82% similarity 72.6

Article Content

Browse articles
ThreatCluster

The GREYVIBE group, a previously unknown Russian hacking entity, has been actively targeting Ukrainian military, government, and civilian sectors since August 2025. Utilizing sophisticated AI tools like ChatGPT and Google Gemini, GREYVIBE has executed multiple campaigns involving spear-phishing emails, fake CAPTCHA pages, and fraudulent adult websites to deliver malware. Key malware tools include PhantomRelay, LegionRelay, and FallSpy, which facilitate espionage and data theft. The group has shown a blend of state-sponsored and cybercriminal tactics, indicating a lack of operational discipline. Despite their advanced use of AI, GREYVIBE has made significant operational security mistakes, exposing parts of their infrastructure. Their activities align closely with Russian state interests, particularly in the context of the ongoing conflict with Ukraine.

Key Points: • GREYVIBE has targeted Ukrainian entities since August 2025 using AI-generated lures. • The group employs malware like PhantomRelay and FallSpy for espionage and data theft. • Despite advanced tactics, GREYVIBE's operational security is compromised by significant mistakes.

ThreatCluster AI

Timeline

2025-08-01
GREYVIBE begins operations
The GREYVIBE group starts targeting Ukrainian organizations, focusing on military and government sectors.
Bleepingcomputer
2025-10-01
First use of fake CAPTCHA pages
GREYVIBE experiments with fake CAPTCHA pages for malware delivery, targeting victims with deceptive lures.
labs.withsecure.com
2026-03-01
DroneLink campaign launched
The group initiates the DroneLink campaign, using drone-themed lures to target victims.
labs.withsecure.com
2026-05-29
WithSecure report published
WithSecure releases a comprehensive report detailing GREYVIBE's operations and use of AI in cyberattacks.
Dev.Ua

Community

Browse all →