ATLAS OWASP HIGH Significant risk · Prioritise patching RELEVANCE ▲ 7.5

Russian GreyVibe Group Weaponises ChatGPT and Gemini for Cyberespionage

TL;DR HIGH
  • What happened: Russian-linked GreyVibe used ChatGPT and Gemini to craft realistic phishing lures targeting Ukrainian entities.
  • Who's at risk: Ukrainian military, government, telecom, and energy organisations are primary targets; any org in the conflict zone or supporting Ukraine is exposed.
  • Act now: Block or alert on LLM-generated content markers in email attachments and web assets · Train staff to recognise AI-enhanced phishing lures, including hyper-realistic decoy PDFs and fake CAPTCHA flows · Restrict execution of clipboard-injected commands and enforce application allowlisting to counter ClickFix-style delivery

Overview

A threat group tracked as GreyVibe — assessed with moderate confidence as Russian-aligned — has been running a multi-vector cyberespionage campaign since at least August 2025. Discovered by WithSecure in January 2026, the operation targets Ukrainian and Ukraine-adjacent organisations across military, government, civilian, and commercial sectors. What distinguishes GreyVibe from typical APT campaigns is the documented, forensically verified use of commercial large language models — including OpenAI’s ChatGPT, Google Gemini, and Ideogram AI — to generate lures, content, and tooling at scale.

LLM artefact markers were identified by WithSecure researchers directly within campaign imagery, providing rare empirical evidence of AI-assisted threat actor operations rather than speculation.

Technical Analysis

GreyVibe operated at least five distinct attack chains:

  • PhantomMail: Spear-phishing emails delivering malicious ZIP/RAR archives via Google Drive and 4sync. Decoy PDFs impersonated Ukrainian government, telecom, and energy entities.
  • PhantomClick: Fake CAPTCHA and ClickFix pages mimicking Zoom and LAPAS portals, using fake Cloudflare verification prompts to trick victims into self-executing malicious commands via clipboard injection.
  • PrincessClub: Fake adult/dating websites deploying FallSpy Android spyware and PhantomRelay/LegionRelay Windows malware. Operators used fake female Telegram personas and later escalated to WebRTC-based live calls capable of capturing victim audio and video.
  • DroneLink: Fake Ukrainian military charity sites themed around FPV drones and UAVs, sharing infrastructure and tooling with PrincessClub.
  • Nebo: Fake Russian military communications login pages designed to socially engineer Ukrainian military personnel.

AI tools were used to generate the realistic imagery, written content, and personas underpinning these campaigns. Custom malware families referenced include LOOKVALPS, LOOKVALJS, DAYLIGHT, and TEAS (names partially captured in the source). The C2 infrastructure operated on UTC+3 (Moscow time), and Russian-language artefacts appear throughout code comments and panel interfaces.

Framework Mapping

  • AML.T0047 (ML-Enabled Product or Service): GreyVibe directly leveraged public LLM APIs and products as force multipliers for content generation and social engineering.
  • AML.T0043 (Craft Adversarial Data): AI-generated imagery and documents were crafted to deceive targets and evade human suspicion.
  • LLM02 (Insecure Output Handling): LLM-generated content was deployed, without safety controls being triggered, in ways that caused downstream harm to end users.
  • LLM09 (Overreliance): Victims and potentially defenders may over-trust AI-generated artefacts as legitimate.

Impact Assessment

The immediate impact is concentrated on Ukrainian and Ukraine-supporting organisations. However, the operational template (using commodity LLMs to produce high-fidelity, localised phishing and social engineering content at low cost) is highly transferable. The documented forensic evidence of LLM use in an active espionage campaign sets a precedent and signals that AI-assisted threat operations will become a standard TTP baseline rather than an emerging curiosity.

FallSpy Android spyware and the WebRTC audio/video capture capability represent a significant HUMINT-grade collection threat against individuals in sensitive roles.

Mitigation & Recommendations

  • Detect LLM artefacts: Implement tooling to scan inbound documents and images for known LLM generation markers (metadata, watermarking signals, stylistic signatures).
  • ClickFix / clipboard injection controls: Enforce policies that prevent execution of commands pasted from web content; deploy endpoint controls blocking PowerShell/cmd execution from browser processes.
  • Mobile device management: Restrict sideloading on organisational Android devices and deploy MTD (Mobile Threat Defence) solutions capable of detecting FallSpy-class spyware.
  • Personnel awareness: Brief high-risk staff — particularly those in military or government roles — on AI-enhanced social engineering including fake personas conducting live video calls.
  • Threat intelligence sharing: Circulate WithSecure’s IoCs across ISAC networks relevant to defence, energy, and government sectors.
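For the ClickFix control above, the following is an added detection sketch (not from WithSecure or the original brief) that walks process-creation events and flags script interpreters with a browser in their ancestry. Field names follow Sysmon Event ID 1; the browser and interpreter lists, the hop limit and the sample events are assumptions constructed for illustration.

```python
# Added example: flag script interpreters that descend from a browser process.
# Fields follow Sysmon Event ID 1; the sample events below are constructed.
from ntpath import basename

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}
MAX_HOPS = 4  # assumed limit on how far up the ancestry to look


def exe_name(image_path):
    """Lower-cased file name of a Windows image path."""
    return basename(image_path).lower()


def find_browser_spawned_interpreters(events):
    """Return (pid, interpreter, browser, hops) for each interpreter whose
    ancestry, within MAX_HOPS, contains a browser process."""
    by_pid, alerts = {}, []
    for ev in events:  # events are assumed to arrive in time order
        by_pid[ev["ProcessId"]] = ev  # the later start wins on PID reuse
        name = exe_name(ev["Image"])
        if name not in INTERPRETERS:
            continue
        parent_pid, seen = ev["ParentProcessId"], {ev["ProcessId"]}
        for hops in range(1, MAX_HOPS + 1):
            parent = by_pid.get(parent_pid)
            if parent is None or parent_pid in seen:
                break  # unknown ancestor, or a loop caused by PID reuse
            if exe_name(parent["Image"]) in BROWSERS:
                alerts.append((ev["ProcessId"], name, exe_name(parent["Image"]), hops))
                break
            seen.add(parent_pid)
            parent_pid = parent["ParentProcessId"]
    return alerts


SAMPLE_EVENTS = [  # constructed
    {"ProcessId": 100, "ParentProcessId": 4, "Image": r"C:\Windows\explorer.exe"},
    {"ProcessId": 200, "ParentProcessId": 100, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"ProcessId": 300, "ParentProcessId": 200, "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessId": 310, "ParentProcessId": 300, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe"},
    {"ProcessId": 400, "ParentProcessId": 100, "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for alert in find_browser_spawned_interpreters(SAMPLE_EVENTS):
        print(alert)
```

A command the user pastes into a shell or the Run dialog themselves has no browser ancestor (PID 400 in the sample is not flagged), so this check complements the paste-execution policy in the same bullet and does not replace it.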
