The content details the GREYVIBE threat actor group's cyber espionage activities targeting Ukraine, particularly since August 2025. Their operations involve complex social engineering tactics, with multi-vector attacks leveraging deceptive emails and fake security verification pages to infiltrate networks. Key campaigns include PhantomMail, which uses phishing emails with malicious attachments, and PrincessClub, which employs romantic lures to entice users into downloading malware.
The group also uses generative AI to create sophisticated phishing tactics and malware. Their tools, such as PhantomRelay and LegionRelay, facilitate remote access and data theft. The threat actors exhibit indicators of both state-sponsored and criminal behavior, complicating attribution efforts.