GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
ID: 17ac238a-cd22-5f6a-a7cc-2ced66acfaed
STIX ID: report--17ac238a-cd22-5f6a-a7cc-2ced66acfaed
Feed Name: Bleeping Computer
GreyVibe, a likely Russian-speaking threat actor active since at least August 2025, has run AI-powered cyberespionage campaigns against Ukrainian and Ukraine-related organizations. Across campaigns such as PhantomMail, PhantomClick, PrincessClub, DroneLink, and Nebo, the actor has used realistic, AI-generated lures and a suite of custom tools (LegionRelay, PhantomRelay, FallSpy and multiple obfuscators). WithSecure links the activity to Russian-language artifacts and Moscow time settings, but notes operational sloppiness suggesting possible cybercriminal ties. WithSecure has also published IoCs and mitigation guidance.
