GREYVIBE is a previously undocumented threat actor that has been conducting persistent attacks against Ukraine and Ukraine-related entities since at least August 2025, using phishing, fake CAPTCHA pages, and fraudulent websites to deliver custom malware. WithSecure says the group appears Russian-speaking and aligned with Kremlin interests, while also showing links to the cybercrime ecosystem and evidence of AI-assisted malware development. #GREYVIBE #PhantomRelay #LegionRelay #FallSpy #WireGuard #UAC-0098 #TrickBot #OpenAIChatGPT #GoogleGemini #IdeogramAI
Keypoints
- GREYVIBE has targeted Ukraine and related entities since at least August 2025.
- The group uses spear-phishing, fake CAPTCHA pages, and fake websites to spread malware.
- Its attack chains deliver tools such as PhantomRelay, LegionRelay, FallSpy, and WireGuard.
- WithSecure says GREYVIBE likely uses AI platforms to build malware, obfuscation, and infrastructure.
- The group appears to sit between state-backed activity and the broader Russian cybercrime ecosystem.
Read More: https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html