Find notable cyber news and cases, enriched with sources, timelines, and signals.

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
First reported
Last updated
Happening score
H score 39
2 unique sources, 2 articles

Summary

Hide ▲

GreyVibe is running an AI-assisted cyberespionage campaign against Ukrainian and Ukraine-related organizations, expanding the threat to military, government, civilian, and business targets. The operation has been active since at least August 2025 and uses multiple lure-and-delivery chains to push phishing, malware, and credential-theft workflows. Researchers linked the activity to a likely Russian-aligned operator set, though the group’s exact state affiliation remains unconfirmed.

Related Happenings

Scattered Spider reclassified as a decentralized collective of independent clusters

Threat Actor Meta
H score26 First: 07.07.2026 17:00 Last: 07.07.2026 17:00 Sources 1

About this happening: **Scattered Spider** has been reclassified as a **decentralized cybercrime collective**, changing how its persistence and resilience are understood. The shift suggests **independe...

Phantom squatting AI-hallucinated domain phishing campaign

Campaign
H score35 First: 01.07.2026 10:20 Last: 01.07.2026 10:20 Sources 1

About this happening: A **phantom squatting** campaign is turning **AI-hallucinated domains** into live phishing and malware lures, putting **AI-referred traffic** at immediate risk. Attackers are regi...

Russian intelligence Signal recovery-key phishing campaign

Campaign
H score29 First: 29.06.2026 11:15 Last: 29.06.2026 11:15 Sources 1

About this happening: An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...

Russian intelligence services fake support SMS messaging-account phishing campaign

Campaign
H score29 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

About this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...

OYSTERBLUES information-stealer delivery via spear-phishing

Malware Activity
H score27 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

About this happening: The **OYSTERBLUES** malware activity used **compromised accounts** and **spear-phishing** to reach **government organizations**, increasing the risk of credential theft and follow...

Timeline

  1. 28.05.2026 03:00 3 articles · 1mo ago

    WithSecure links GreyVibe to an AI-assisted cyberespionage campaign against Ukraine-linked organizations

    Initial Disclosure

    WithSecure identified GreyVibe as a likely Russian threat group conducting cyberespionage against Ukrainian or Ukraine-related organizations, with activity active since at least August 2025 and discovered in January 2026. The operation used AI-generated lures and multiple custom tools to support spear-phishing, fake CAPTCHA/ClickFix pages, fake websites, and malware delivery across military, government, civilian, and business targets.

    Show sources