GREYVIBE Leverages ChatGPT and Google Gemini for AI-Augmented Operations against Ukraine
Russia-aligned threat group GREYVIBE is using OpenAI's ChatGPT and Google Gemini to facilitate "capability equalization" during offensive cyber operations against Ukrainian infrastructure. By integrating large language models (LLMs) into the cyber kill chain, the actor automates the generation of linguistically precise phishing lures, develops malware-related scripts, and streamlines post-compromise reconnaissance and lateral movement. This AI-augmented workflow enables the actor to run five attack chains in parallel, significantly reducing the technical skill barrier and operational cost-per-attack. The campaign demonstrates a strategic shift toward using commercial AI to mimic APT-level sophistication, posing an increased threat to critical sectors in Ukraine.
Greyvibe: Russia-Aligned Threat Actor Leverages ChatGPT, Google Gemini, and Ideogram AI for Ukrainian Intelligence Campaigns
Greyvibe, a newly identified Russian-aligned hybrid threat actor, utilizes Generative AI tools—including ChatGPT, Google Gemini, and Ideogram AI—to accelerate the cyberattack lifecycle against Ukrainian military, government, and private sector targets. The group employs Large Language Models (LLMs) to automate the creation of custom PowerShell-based Remote Access Trojans (RATs), specifically PhantomRelay and LegionRelay, as well as the Android-based FallSpy spyware. Attackers leverage ClickFix-style phishing via fraudulent Cloudflare CAPTCHA pages and deploy obfuscated scripts, such as LOOKVALPS, LOOKVALJS, DAYLIGHT, and TEASOUP, to facilitate credential harvesting, RDP persistence, and the exfiltration of sensitive communications from platforms like Telegram and WhatsApp.