GreyVibe is a previously undocumented Russia-nexus threat actor that has targeted Ukrainian military, government, civilian, and business entities since August 2025, using AI to accelerate the creation of fake sites, lures, malware, and post-compromise tooling. WithSecure says the group’s LLM-generated malware and varied phishing campaigns show operational ambition rather than elite tradecraft, and that the group may overlap with the TrickBot ecosystem and UAC-0098.
#GreyVibe #LegionRelay #PhantomRelay #Fallspy #TrickBot #UAC0098
Key points
- GreyVibe is a newly identified Russia-nexus threat actor.
- The group has targeted Ukrainian military, government, civilian, and business entities.
- AI is used across the attack chain, from lures to malware and post-compromise tools.
- LLM-generated flaws in LegionRelay helped researchers track GreyVibe activity.
- The group’s activity may be linked to the TrickBot ecosystem and UAC-0098.
Read More: https://www.securityweek.com/russia-linked-greyvibe-attackers-use-ai-to-supercharge-cyberattacks/