A Russia-linked threat group, known as GREYVIBE, has been leveraging artificial intelligence tools, including OpenAI's ChatGPT, to facilitate its cyber espionage operations against Ukrainian targets since at least August 2025. The group's tactics involve using AI to craft sophisticated lures, such as spear-phishing emails and fake CAPTCHA pages, to trick victims into divulging sensitive information. GREYVIBE's campaign has targeted a wide range of organizations, including military, government, and civilian entities. The use of AI tools has enabled the group to streamline its operations, from building malware to setting up infrastructure. This state-aligned activity marks a significant shift in the threat model, as it involves geopolitical motivations rather than purely criminal intentions [1]. This development matters to cybersecurity practitioners, as it requires a different approach to mitigation and defense, one that takes into account the unique characteristics of nation-state sponsored attacks.
Russia-linked threat group put ChatGPT to work from lure to payload
⚠️ Critical Alert
Why This Matters
State-aligned activity involving Google shifts the threat model from criminal to geopolitical — different playbook required.
References
- The Register. (2026, May 29). Russia-linked threat group put ChatGPT to work from lure to payload. *The Register*. https://www.theregister.com/research/2026/05/29/russia-linked-threat-group-put-chatgpt-to-work-from-lure-to-payload/5248368
Original Source
The Register