Today WithSecure publishes new research on GREYVIBE – a previously undocumented Russia-nexus group conducting operations against Ukrainian military, government, and business targets since August 2025.
The headline finding isn't the targeting. It's the AI use. GREYVIBE systematically used ChatGPT, Gemini, and image generation tools across every phase of their operation – lures, malware, obfuscation, post-compromise tooling. Design flaws in their LLM-built malware gave our researchers months of direct visibility into live attacker behaviour.
The takeaway for Europe: AI is closing the capability gap. Actors that previously lacked the skills for this kind of operation can now run it. That changes the threat picture for mid-market organisations across the continent.
📄 Read the research: GREYVIBE: A Russia-nexus group leveraging AI across state-aligned operations | WithSecure™ Labs
🎙️ Join our researcher as he goes deeper in an upcoming webinar – register here: GREYVIBE Threat Intelligence Briefing
