
Russia-Linked Threat Group Put ChatGPT to Work From Lure to Payload
Why It Matters
Mainstream AI models enable less‑skilled actors to produce advanced cyber‑espionage tools, expanding the threat surface for governments and enterprises worldwide.
Key Takeaways
- GREYVIBE uses ChatGPT, Gemini, and Ideogram AI throughout its attacks
- AI aids lure creation, malware coding, and infrastructure setup
- Operational mistakes expose the group’s reliance on public AI services
- Design flaws in the LegionRelay malware’s AI‑generated code revealed its backend
- AI boosts speed, not elite skill, for cyber criminals
Pulse Analysis
The rise of generative AI has transformed more than just content creation; it is reshaping the cyber‑threat landscape. Large language models (LLMs) such as ChatGPT and Gemini can produce code snippets, craft convincing phishing narratives, and even suggest obfuscation techniques in seconds. Threat actors no longer need deep programming expertise to assemble functional malware, a shift that security analysts are tracking closely. Recent reports, including the WithSecure brief on the GREYVIBE group, underscore how these tools are being weaponized in real‑world campaigns, signaling a new era where AI becomes a force multiplier for illicit actors.
GREYVIBE’s operations demonstrate AI integration at every stage of an intrusion. The group deployed AI‑generated spear‑phishing emails, fake CAPTCHA pages, and counterfeit adult‑club websites to lure Ukrainian military, government, and business personnel. Once a victim clicked, AI‑assisted scripts spun up command‑and‑control servers, generated the LegionRelay payload, and even produced obfuscation wrappers. Despite this sophistication, the operators left tell‑tale artefacts—public uploads of malware, whimsical file names, and misconfigurations—that allowed researchers to trace the infrastructure. Notably, design flaws in the AI‑crafted LegionRelay code exposed backend details, giving defenders a rare glimpse into the group’s inner workings.
The broader implication is a widening gap between threat capability and defender preparedness. Security vendors debate whether AI will create a new class of elite hackers or simply amplify the productivity of existing criminals; GREYVIBE leans toward the latter. Organizations must augment traditional detection with AI‑aware analytics, monitor for AI‑generated content patterns, and enforce strict controls on outbound AI queries. Policymakers, too, face the challenge of regulating powerful LLMs without stifling innovation. As AI continues to democratize advanced cyber tools, vigilance and adaptive defenses will be essential to mitigate the emerging risk.