WithSecure identifies GREYVIBE: Russia-linked threat group using AI in operations targeting Ukraine
Summary
WithSecure has identified a threat group tracked as GREYVIBE, active since at least August 2025, targeting Ukraine and Ukraine-related entities. The group leverages multiple attack vectors including spear-phishing emails, fake captcha pages, and fraudulent schemes. While significant overlaps in development and operational phases suggest a coordinated campaign, no definitive links to previously tracked threat groups have been established. The group is described as a Russia-nexus entity using AI across state-aligned operations.
Key quotes
WithSecure identified an ongoing and persistent set of activity targeting Ukraine and Ukraine-related entities since at least August 2025.
Based on significant overlaps observed across both development and operational phases of the associated campaigns, WithSecure associates the activities with a threat group tracked as GREYVIBE.
At the time of writing, WithSecure has not identified definitive links between GREYVIBE and any previously tracked threat group.
The group has leveraged multiple attack vectors, including spear-phishing e-mails, fake captcha pages and fraudulent...
