GreyVibe, a Russian-linked threat cluster, is actively targeting Ukrainian organisations with AI-generated phishing content and custom malware. The group uses large language models, including ChatGPT and Google Gemini, to write social engineering lures convincing enough to defeat the cues that traditional security awareness training teaches users to look for.
The campaign focuses on Ukrainian government, military and critical infrastructure entities. GreyVibe operators use the models to generate contextually relevant messages in Ukrainian and Russian, which raises the likelihood that targets open malicious attachments or follow malicious links. The approach removes the linguistic inconsistencies, such as awkward phrasing and non-native word choice, that typically expose foreign-language phishing campaigns.
The threat cluster deploys a toolkit of custom malware designed for initial access and lateral movement. Researchers have identified credential harvesters, information stealers, and backdoor components in GreyVibe operations. The group maintains persistent access to compromised networks, enabling follow-on attacks and data exfiltration.
The use of publicly available AI services marks a significant operational shift. Rather than building text-generation capability of its own, GreyVibe takes advantage of commercial LLMs, which also leaves less attacker-controlled infrastructure for defenders to pivot on during attribution. The approach lets the group scale phishing across many targets with minimal manual effort.
Ukrainian organisations face elevated risk from this campaign. The combination of culturally relevant, AI-crafted messages and legitimate-appearing sender identities creates a formidable social engineering vector. Email filters that key on malware signatures, known phishing templates or poor grammar have little to work with when a message carries no recognised malicious payload and reads like native, well-formed correspondence.
Security teams should implement layered defences beyond email filtering. Multi-factor authentication (ideally phishing-resistant methods such as FIDO2 security keys, since credential-harvesting pages can also capture one-time codes), endpoint detection and response platforms and user behaviour analytics provide detection and containment that complement gateway controls. Sender-identity checks (SPF, DKIM and DMARC enforcement on inbound mail) catch spoofed senders regardless of how polished the message body is. Ukrainian entities should treat unsolicited communications with heightened scrutiny, even when the content appears authentic and contextually relevant.
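One way to act on the point that detection has to shift from message content to sender identity and behaviour: the triage script below is an added example, not code from the original article or from any research into GreyVibe. It assumes a mail gateway that stamps an Authentication-Results header on inbound mail and a locally maintained set of domains the organisation has corresponded with before; the two messages, the domain set and the two-signal hold threshold are constructed assumptions.

```python
"""Sender-identity triage for inbound mail whose body passes content filters.

Added example (not from the original article or any GreyVibe research).
Assumptions: the gateway stamps an Authentication-Results header, and
KNOWN_SENDER_DOMAINS is a locally maintained allow-list. Sample data is
constructed.
"""
import email
import email.utils
import re
from email import policy

# Constructed allow-list: domains this organisation has exchanged mail with before.
KNOWN_SENDER_DOMAINS = {"gov.ua", "example.org"}

# Constructed sample: polished, contextually relevant lure with a spoofed sender.
LURE = """\
From: "Ministry of Defence Press Office" <press@mil-gov-ua.example>
Reply-To: press.office@mailbox-relay.example
To: analyst@example.org
Subject: Updated evacuation corridors for Kharkiv oblast
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mil-gov-ua.example; dkim=none; dmarc=fail header.from=mil-gov-ua.example

The attached schedule replaces the one circulated on Monday.
"""

# Constructed sample: ordinary message from a known, authenticated domain.
LEGIT = """\
From: "Registry" <info@gov.ua>
To: analyst@example.org
Subject: Monthly statistics
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=gov.ua; dkim=pass header.d=gov.ua; dmarc=pass header.from=gov.ua

Attached as usual.
"""


def parse_auth_results(value):
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} from an Authentication-Results header."""
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", value or "", re.I)}


def domain_of(header_value):
    """Lower-cased domain part of the first address in a header, or '' if none."""
    addr = email.utils.parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def score_message(raw):
    """Flag a message on identity/behaviour signals rather than body content.

    Each reason is a signal a content filter would not see; two or more
    put the message on hold for human review (the threshold is an assumption).
    """
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = domain_of(str(msg["From"] or ""))
    auth = parse_auth_results(str(msg["Authentication-Results"] or ""))
    reasons = []
    if auth.get("dmarc") != "pass":
        reasons.append("dmarc-not-pass")          # From: domain not authenticated
    if from_domain not in KNOWN_SENDER_DOMAINS:
        reasons.append("first-contact-domain")    # unsolicited: no prior correspondence
    reply_domain = domain_of(str(msg["Reply-To"] or ""))
    if reply_domain and reply_domain != from_domain:
        reasons.append("reply-to-mismatch")       # replies diverted to another mailbox
    return {"from_domain": from_domain, "reasons": reasons, "hold": len(reasons) >= 2}


if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("legit", LEGIT)):
        print(name, score_message(raw))
```

None of the three signals looks at the wording of the message, so a fluent, contextually accurate lure scores exactly the same as a clumsy one; the lure above is held because its From: domain fails DMARC, has never been seen before and diverts replies elsewhere, while the legitimate message from an authenticated, known domain passes with no reasons.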
The GreyVibe campaign underscores how threat actors operationalise emerging technologies. The accessibility
