Meet GREYVIBE, the Russian-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes

https://securityaffairs.com/192877/apt/meet-greyvibe-the-russian-linked-hacking-group-using-ai-to-target-ukraine-and-still-making-rookie-mistakes.html

Publish Date: 2026-05-29 14:23:20

Source Domain: securityaffairs.com

Article Summary

A Russia-linked hacking group tracked as GREYVIBE, active since 2025, uses artificial intelligence in cyberattacks against a wide range of Ukrainian targets, including military, government, civilian, and business entities. Security firm WithSecure, which has been tracking the APT group, found that although GREYVIBE uses AI to support its operations, it is persistent but shows clear skill gaps. The group uses a variety of attack vectors, including spear-phishing emails, fake CAPTCHA pages, and fraudulent websites, to deploy malware such as PowerShell remote access trojans and Android spyware. Researchers have documented five distinct attack chains used by GREYVIBE and found evidence of AI tools, including Ideogram AI for image generation and ChatGPT for code development, supporting the group's operations. The group's operational security lapses, design flaws in its malware, and the use of cryptocurrency mining on some infected machines suggest links to broader cybercrime networks. WithSecure concludes that GREYVIBE likely includes former cybercriminals and has an unclear but potentially hybrid identity somewhere between cybercrime and state-sponsored activity.

Key Points:

  • GREYVIBE’s Targets: The group targets Ukraine and Ukrainian-related entities across military, government, civilian, and business sectors.
  • AI Usage: GREYVIBE uses AI tools for image generation, code development, and command generation, which points to improvised use rather than sophisticated, disciplined operations.
  • Operational Security Failures: The group exhibits significant OpSec lapses, including uploading test samples to …