AI‑Boosted GREYVIBE Campaigns Target Ukraine, Blurring Lines Between State‑Backed Espionage and Cybercrime

Security Reporter

A new Russian‑linked threat group called GREYVIBE has been using generative AI to automate malware creation and phishing lures against Ukrainian government, military and civilian targets. Experts explain how the AI‑assisted tools work, why they make attribution harder, and what defenders can do to detect and disrupt these campaigns.


GREYVIBE, a previously undocumented actor first seen in August 2025, has been linked to a wave of AI‑enhanced attacks aimed at Ukraine and organizations with ties to the country. WithSecure’s analysis shows the group combines classic social‑engineering tricks—phishing, fake captcha pages, and counterfeit adult‑club sites—with custom malware that is partially generated or obfuscated by large language models such as OpenAI’s ChatGPT, Google Gemini, and Ideogram AI.


Why GREYVIBE matters

The campaign is notable for three reasons:

  1. Strategic focus – All observed victims are connected to Ukraine’s defense, intelligence, or critical infrastructure, aligning with Kremlin objectives in the ongoing conflict.
  2. Hybrid talent pool – The group appears to blend former cyber‑criminal operatives (evidenced by shared tooling with TrickBot and XMRig miners) with state‑aligned actors, creating a “grey” attribution space.
  3. AI‑driven development – Generative AI is used to produce phishing images, write loader scripts, and even generate portions of the PowerShell‑based RAT LegionRelay. This accelerates the attack lifecycle and reduces reliance on reusable code that analysts traditionally use for clustering.

“If an actor can frequently generate, refactor, or replace components of its operational footprint with AI assistance, traditional clustering methods based on stable technical artifacts may become less reliable over time,” says Mohammad Kazem Hassan Nejad, senior researcher at WithSecure.


The toolset in detail

| Tool | Delivery vector | Core capabilities |
|---|---|---|
| PhantomMail | Spear‑phishing emails with malicious ZIP/RAR links hosted on Google Drive or 4sync | JavaScript loader that drops a decoy document and launches the next stage |
| PhantomRelay | PowerShell‑based RAT delivered via the loader | System profiling, command execution, file enumeration, screenshot capture |
| PhantomClick | Fake CAPTCHA pages that mimic Zoom or LAPAS | Executes a PowerShell command when the user solves the captcha, chaining to PhantomRelay |
| PrincessClub | Counterfeit Ukrainian adult‑club sites | Deploys FallSpy (Android spyware) or LegionRelay (Windows RAT). Later versions add a WebRTC call to capture audio/video |
| DroneLink | Charitable‑foundation sites supporting the Ukrainian armed forces | Installs WireGuard tunnels and drops LegionRelay |
| Nebo | Russian‑language login‑screen clone | Lures Ukrainian military personnel into installing FallSpy |

LegionRelay is the most technically interesting component. It is a lightweight PowerShell RAT that can:

  • Enumerate and exfiltrate files, browser data, and messaging app stores (Telegram, WhatsApp)
  • Capture screenshots and webcam feeds
  • Set up RDP tunnels for remote control
  • Persist via a custom watchdog script that restarts the payload if terminated

The AI‑generated parts of LegionRelay show a mix of clever tricks and sloppy mistakes. For example, the obfuscation routine contains a malformed base‑64 decoder that crashes on certain Windows locales—an error unlikely from a seasoned nation‑state team but plausible when a language model drafts code without thorough testing.


How AI is being weaponized

The report identifies three primary AI use‑cases:

  1. Image generation – Ideogram AI creates convincing fake captcha pages and adult‑club thumbnails, making lures look legitimate at scale.
  2. Code synthesis – Prompting ChatGPT or Gemini with “generate a PowerShell loader that evades Windows Defender” yields functional, albeit occasionally buggy, scripts.
  3. Operational automation – Large language models assist in drafting phishing email copy, crafting domain names that resemble Ukrainian NGOs, and even suggesting command‑and‑control (C2) infrastructure layouts.

These capabilities let a small team produce a high volume of tailored attacks without deep in‑house development expertise. The trade‑off is a higher incidence of implementation errors, which security teams can exploit.


Practical steps for defenders

1. Hunt for AI‑specific artefacts – Look for generic placeholder strings often used in AI‑generated code (e.g., let x = "TODO";, function foo(){}) and for image‑metadata tags that reference AI services.

2. Monitor fake‑captcha traffic – The domains used for PhantomClick and similar lures resolve to cloud providers (Google Cloud, AWS) with short‑lived certificates. Threat‑intel feeds that flag newly registered domains with keywords like zoom‑login or captcha can provide early warning.

3. Deploy behavioural analytics on PowerShell – LegionRelay’s execution pattern includes a rapid succession of Invoke‑Expression, IEX, and Start‑Process calls. Enabling PowerShell script block logging and feeding the logs into a SIEM with a rule that flags more than three IEX invocations within a minute can surface the infection chain.

4. Harden email gateways – Enforce attachment sandboxing for ZIP/RAR files from external senders, and block outbound connections to known file‑sharing services (Google Drive, 4sync) from corporate endpoints unless explicitly required.

5. Leverage community intel – WithSecure has published YARA rules for the various loaders and the LegionRelay binary. Adding these signatures to endpoint detection platforms (Microsoft Defender for Endpoint, CrowdStrike, etc.) improves detection speed.
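The SIEM rule from step 3, worked through as an added example (not code from WithSecure or the report): it parses constructed PowerShell script block log records (Event ID 4104, flattened to one line each), counts IEX/Invoke‑Expression invocations per host in a sliding 60‑second window, and raises an alert when the count exceeds the threshold. The log format, host names and script fragments are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of script block log records: "<timestamp> <host> 4104 <script text>".
# Host names and script text are invented for this example, not real telemetry.
SAMPLE_LOG = """\
2025-08-12T09:14:01Z WS-0142 4104 Get-ChildItem $env:USERPROFILE
2025-08-12T09:14:05Z WS-0142 4104 IEX (New-Object Net.WebClient).DownloadString($url)
2025-08-12T09:14:09Z WS-0142 4104 Invoke-Expression $stage2
2025-08-12T09:14:20Z WS-0142 4104 iex $decoded
2025-08-12T09:14:31Z WS-0142 4104 Start-Process powershell -WindowStyle Hidden -ArgumentList $a
2025-08-12T09:14:40Z WS-0142 4104 IEX ([Text.Encoding]::UTF8.GetString($bytes))
2025-08-12T09:30:00Z WS-0077 4104 Invoke-Expression "Get-Date"
2025-08-12T09:45:12Z WS-0077 4104 iex "Get-Process"
"""

# IEX is the alias of Invoke-Expression; match both, case-insensitively, as whole words.
IEX_PATTERN = re.compile(r"\b(?:iex|invoke-expression)\b", re.IGNORECASE)
LINE_PATTERN = re.compile(r"^(\S+)\s+(\S+)\s+4104\s+(.*)$")


def parse_line(line):
    """Return (timestamp, host, script) for a 4104 record, or None for other lines."""
    m = LINE_PATTERN.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3)


def find_iex_bursts(log_text, threshold=3, window=timedelta(minutes=1)):
    """Map host -> list of alert timestamps where more than `threshold` IEX calls fall within `window`."""
    recent = defaultdict(deque)   # per-host timestamps of IEX calls still inside the window
    alerts = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, host, script = rec
        if not IEX_PATTERN.search(script):
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:   # drop calls older than the window
            q.popleft()
        if len(q) > threshold:
            alerts[host].append(ts)
            q.clear()                     # one alert per burst, not one per extra call
    return dict(alerts)


if __name__ == "__main__":
    for host, times in find_iex_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host}: IEX burst ending at {times[0].isoformat()}")
```

With the sample above, WS-0142 triggers once (four IEX calls between 09:14:05 and 09:14:40) while WS-0077, whose two calls are fifteen minutes apart, stays quiet.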


Looking ahead

GREYVIBE illustrates how AI can lower the barrier to entry for sophisticated espionage campaigns. While the group’s operational security mistakes suggest a hybrid composition rather than a fully professional state unit, the strategic alignment with Russian interests means the threat will likely persist.

Security teams should treat AI‑generated malware as a moving target: signatures will age quickly, but behavioural indicators—such as repeated use of PowerShell IEX pipelines, suspicious WireGuard tunnel creation, and abnormal captcha‑page traffic—remain reliable detection anchors.

Staying ahead will require a blend of traditional threat‑intel sharing, automated hunting for AI artefacts, and continuous hardening of email and endpoint controls.


For deeper technical details, see WithSecure’s full report and the accompanying YARA rules on their GitHub repository.
