Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes

GREYVIBE is a Russia-linked, hybrid threat actor active since 2025 that has run sustained campaigns against Ukrainian military, government, civilian, and business targets using five distinct attack chains (PhantomMail, PhantomClick, PrincessClub, DroneLink, Nebo). The group deploys custom malware (PhantomRelay, LegionRelay), Android spyware (FallSpy), and even cryptominers, leverages AI for code and content generation, and displays operational sloppiness and links to criminal networks that complicate attribution and tracking.