Russia-linked threat group put ChatGPT to work from lure to payload
ID: ea3dc191-4f2c-5f68-a3e8-e032633cc6dd
STIX ID: report--ea3dc191-4f2c-5f68-a3e8-e032633cc6dd
Feed Name: The Register (Security)
Researchers at WithSecure attributed an active Russia-linked espionage campaign, tracked as GREYVIBE, that has been running against Ukrainian military, government, civilian, and business targets since at least August 2025. The group systematically used generative AI (ChatGPT, Gemini, Ideogram) across multiple operational stages to craft lures, create and obfuscate malware (including LegionRelay), and build infrastructure. Operational security mistakes and design flaws exposed parts of its backend and allowed extended monitoring by researchers.
