New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
What’s new
A new Russian-linked threat actor named GREYVIBE has been identified, targeting Ukraine and related entities since at least August 2025. The group employs various attack vectors, including spear-phishing emails, fake CAPTCHA pages, and fraudulent websites, to deliver malware. GREYVIBE is noted for using generative AI tools to enhance its operations, including malware development and obfuscation techniques.
Who’s affected
Victims include military, government, civilian, and business organizations in Ukraine. The group’s activities align with Russian state interests, particularly in intelligence gathering related to the ongoing Russo-Ukrainian war.
What to do
- Implement robust email filtering to detect and block spear-phishing attempts.
- Educate users about the risks of fake websites and CAPTCHA pages.
- Monitor network traffic for unusual activity that matches known malware signatures, particularly signatures for GREYVIBE tools such as PhantomRelay and FallSpy.
- Regularly update and patch systems to mitigate vulnerabilities that could be exploited by malware.



