Russian-linked GREYVIBE targeted Ukraine with AI-assisted cyberattacks.
Researchers described a previously undocumented threat actor named GREYVIBE, active against Ukraine and Ukraine-related entities since at least August 2025. The group is assessed as Russian-speaking and operating broadly in the Russian time zone, with activity aligned to Russian state interests. Its targets include military, government, civilian, and business organizations. The campaigns used spear-phishing emails, fake CAPTCHA pages, fraudulent Ukrainian adult-club websites, malware loaders, Android spyware, and PowerShell-based remote access tools. WithSecure also reported signs that the actor used generative AI and LLMs to support malware development and operations.