Inside the GREYVIBE Threat Actor Group: A Hybrid Espionage Menace
ID: 009584ee-7729-521f-81e6-ef50eadb6755
STIX ID: report--009584ee-7729-521f-81e6-ef50eadb6755
Feed Name: securityonline.info
Threat Score
GREYVIBE is a Russia-aligned threat actor active since August 2025 against Ukrainian targets, running multiple concurrent campaigns (PhantomMail, PhantomClick, PrincessClub, DroneLink) that use social engineering, fake verification pages, malicious Android apps (FallSpy), and modular backdoors (PhantomRelay, LegionRelay); operators leverage generative AI to craft lures and accelerate code development, blending state-aligned objectives with criminal behaviors.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.