{"id":258450,"date":"2026-05-28T18:24:00","date_gmt":"2026-05-28T22:24:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks\/"},"modified":"2026-05-29T04:50:10","modified_gmt":"2026-05-29T08:50:10","slug":"greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks\/","title":{"rendered":"GreyVibe hackers use ChatGPT, Gemini to power cyberattacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks\/\">GreyVibe hackers use ChatGPT, Gemini to power cyberattacks<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-28 18:24:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>A likely Russian threat group tracked as GreyVibe has been using AI-generated lures and a rich set of custom malware tools to target entities in the military, government, civilian, and business sectors.<\/p>\n<p>The cyberespionage campaign has been active since at least August 2025 and appears to align with Russian state interests, although researchers cannot confidently classify it as a nation-state operation.<\/p>\n<p>Cybersecurity company WithSecure discovered the activity in January this year and determined that its focus is on Ukrainian or Ukraine-related organizations.<\/p>\n<p>The link to a Russian-speaking threat actor is supported by the language for the malware panels, comments in code artifacts, and command-and-control (C2) server time configured to UTC+3 (Moscow time).<\/p>\n<p>According to the researchers, GreyVibe has used several attack chains against its targets, including:<\/p>\n<ul>\n<li>PhantomMail: Spear-phishing emails delivering malicious ZIP\/RAR archives via Google Drive and 4sync links, using decoy PDFs or fake errors while deploying malware. The observed lures impersonated Ukrainian government, emergency, telecom, and energy entities.<\/li>\n<li>PhantomClick: Fake CAPTCHA\/ClickFix pages disguised as Zoom and LAPAS sites trick victims into running self-infecting commands through fake Cloudflare verification prompts.<\/li>\n<li>PrincessClub: Fake Ukrainian adult\/dating websites delivering FallSpy Android spyware and PhantomRelay\/LegionRelay Windows malware. The operators used fake female Telegram personas and later added WebRTC-based live calls that could capture the victim&#8217;s audio\/video.<\/li>\n<li>DroneLink: Fake Ukrainian military charity websites themed around FPV drones and UAVs shared infrastructure and tooling with PrincessClub campaigns.<\/li>\n<li>Nebo: Fake \u201c\u0421\u041f\u041e \u041d\u0415\u0411\u041e\u201d Russian military communications login pages were likely designed to trick Ukrainian military personnel into believing they were accessing a Russian military terminal.<\/li>\n<\/ul>\n<p>The diversity and quality of these lures are notable, and&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GreyVibe hackers use ChatGPT, Gemini to power cyberattacks https:\/\/www.bleepingcomputer.com\/news\/security\/greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks\/ Publish Date: 2026-05-28 18:24:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":258451,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2024\/06\/06\/Russian-spies.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,32,25,34],"class_list":["post-258450","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-malware","tag-phishing","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258450"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=258450"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258450\/revisions"}],"predecessor-version":[{"id":258452,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258450\/revisions\/258452"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/258451"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=258450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=258450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=258450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}