Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks

Researchers warn GreyVibe’s extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate. The post Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks appeared first on SecurityWeek .

According to WithSecure’s reporting, the Russia‑linked GREYVIBE group systematically uses generative AI platforms such as ChatGPT, Google Gemini, and Ideogram across its full attack lifecycle, including generating phishing lures, website content, obfuscators, loaders, and custom malware like the LegionRelay and PhantomRelay PowerShell RATs.[1][4] The group targets Ukrainian military, government, civilian, and business entities via multiple AI‑enhanced attack chains (PhantomMail, PhantomClick, PrincessClub, DroneLink, Nebo), using AI to bridge skill gaps, accelerate development, and create novel infrastructure that complicates attribution.[2][4] From a CyberSE.AI perspective, this demonstrates how adversaries can weaponize public LLMs to industrialize phishing, malware development, and post‑compromise operations; defenders should assume attackers can quickly iterate and customize campaigns using the same AI tooling available to enterprises. Organizations should adopt continuous AI‑focused red teaming, harden any internal AI agents or coding assistants against misuse, and integrate AI‑aware threat modeling and incident response to detect AI‑generated lures, infrastructure, and toolin