
A Russia-linked cyber espionage group tracked as GREYVIBE has used AI tools across nearly every stage of operations targeting Ukraine. The activity has targeted military, government, civilian, and business organizations since at least August 2025. The group used spear-phishing emails, fake CAPTCHA pages, and bogus Ukrainian adult club websites to lure victims into installing malware. Researchers linked the operators to Russian-speaking activity aligned with Russian intelligence interests. Strong evidence indicates systematic reliance on AI for lure development, malware creation, infrastructure setup, obfuscation tooling, and post-compromise actions. The AI use appears operationally integrated rather than experimental, enabling faster development and compensating for capability gaps.
"Researchers at WithSecure say a previously undocumented threat group, tracked as 'GREYVIBE,' has been using OpenAI's ChatGPT, Google's Gemini, and Ideogram AI across almost every stage of its operations targeting Ukraine. The campaign has hit military, government, civilian, and business organizations since at least August 2025."
"According to the report, GREYVIBE has used spear-phishing emails, fake CAPTCHA pages, and bogus Ukrainian adult club websites to lure victims into installing malware. The researchers linked the activity to Russian-speaking operators in the Moscow time zone who pursued targets aligned with Russian intelligence interests."
"WithSecure said it found 'strong evidence' that GREYVIBE systematically relied on AI tools for lure development, malware creation, infrastructure setup, obfuscation tooling, and post-compromise activity. The company said the group's use of AI appeared 'operationally integrated rather than isolated or experimental.'"
"'GREYVIBE appears to use AI not only for isolated development tasks, but across multiple operational phases. This likely enables the group to compensate for capability gaps, accelerate development cycles, and potentially reduce historical backlinks to prior activity.'"
#cyber-espionage #ai-enabled-malware #phishing-and-social-engineering #ukrainian-targeting #threat-intelligence
Read at theregister