LIVE FEED
GreyVibe Deploys ChatGPT and Gemini in LLM Attack Chain

GreyVibe Deploys ChatGPT and Gemini in LLM Attack Chain

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 SecurityWeek

WithSecure has documented GreyVibe, a Russia-nexus threat actor systematically deploying ChatGPT, Google Gemini, and Ideogram AI across every phase of its attack chain — from phishing lure creation to custom malware development — against Ukrainian targets since August 2025. The group's LLM-assisted malware, LegionRelay, contained design flaws introduced during AI-generated development, which paradoxically allowed researchers to track the group over an extended period. The case illustrates both the operational leverage AI provides to moderately skilled threat actors and the novel forensic signatures that AI-assisted development can inadvertently introduce.

GreyVibe Uses ChatGPT and Gemini for Ukraine Cyberespionage

GreyVibe Uses ChatGPT and Gemini for Ukraine Cyberespionage

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 BleepingComputer

A likely Russian threat group dubbed GreyVibe has been actively using commercial LLMs — including ChatGPT and Google Gemini — to generate high-quality phishing lures, malware tooling, and social-engineering content targeting Ukrainian military, government, and civilian organisations. WithSecure researchers identified LLM artefact markers embedded in campaign imagery, confirming AI-assisted content generation at scale. The case represents a concrete, documented example of adversarial LLM weaponisation in an active nation-state-adjacent cyberespionage campaign.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.