| SYMBOL | COMMON_NAME | aka. SYNONYMS |
GREYVIBE is a low-to-moderately sophisticated threat actor associated with Russian state interests, primarily targeting Ukrainian entities. The group employs custom malware like LegionRelay and PhantomRelay, utilizing techniques such as decoy-and-payload execution logic and systematic use of GenAI and LLMs throughout their operations. Their campaigns exhibit operational overlaps with other groups, including shared C2 infrastructure and post-compromise tooling. WithSecure has identified design flaws in their malware that have provided insights into their victimology and operational behavior.
| 2026-05-28
⋅
GREYVIBE: A Russia-nexus group leveraging AI across state-aligned operations LegionRelay PhantomRelay |
| 2026-05-28
⋅
WithSecure
⋅
GREYVIBE: A Russia-nexus group leveraging AI across state-aligned operations GreyVibe |