GREYVIBE Hackers Use ChatGPT and Gemini to Power Cyberattacks
ID: 8ac7f0ee-e7b4-5dcb-8bf0-88760a3ba7ca
STIX ID: report--8ac7f0ee-e7b4-5dcb-8bf0-88760a3ba7ca
Feed Name: Cyber Press
WithSecure researchers detail GREYVIBE, a Russia-aligned threat group that uses generative AI (ChatGPT, Gemini, Ideogram) to accelerate development of phishing lures, fake sites, custom malware (PowerShell RATs like LegionRelay/PhantomRelay and FallSpy Android spyware), and post-compromise tooling. This activity spans multiple campaigns (PhantomMail, PhantomClick, PrincessClub, DroneLink, Nebo) targeting Ukrainian military, government, civilians, and businesses since August 2025. The group's heavy AI usage amplifies its capability despite operational security flaws that have exposed parts of its backend and linked it to cybercrime ecosystems.
