The report discusses GREYVIBE, a Russian-linked hacking group active since 2025 that targets Ukrainian entities with AI-assisted malware across multiple attack vectors. Despite using sophisticated tactics, GREYVIBE makes notable operational mistakes that make it easier to identify. Its tactics include spear-phishing, fake websites, and malware deployment via various methods. The group employs custom-developed tools and leverages AI for tasks like code development and image generation.
The report highlights their dual nature, aligning with state interests yet showing signs of cybercrime. Their operational maturity is questionable, as they also engage in activities like cryptocurrency mining, revealing lapses in their operational security. The researchers suggest connections between GREYVIBE and known cybercrime networks, complicating attribution to the Russian state.