BBLabs NewsBBLabs News
NewsAll articlesTopics
ES
BBLabs NewsBBLabs News

BBLabs News

Una historia al día. Cero ruido.

Newsletter técnica de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Producto

  • Hemeroteca
  • Ediciones
  • Temas
  • Glosario
  • RSS
  • Atom
  • JSON Feed

Editorial

  • Acerca de
  • Suscribirse
  • Cuenta
  • English

Legal

  • Privacidad
  • Términos
  • Contacto: team@bblabs.es

Conectar

  • YouTube · @0xGorka
  • Instagram · @bblabs.es
  • Discord BBLabs
  • Discord Bug Bounty ES
31 artículos·10 ediciones·Desde 2026·Hecho en España
© 2026 BBLabs News·Por Gorka El Bochi
BBLabs NewsBBLabs News
NewsAll articlesTopics
ES
GreyVibe uses ChatGPT & Gemini to power cyberattacks
Back to homeIA

GreyVibe uses ChatGPT & Gemini to power cyberattacks

Russian-linked GreyVibe cluster weaponizes ChatGPT and Gemini to generate phishing lures targeting Ukrainian organizations.

  1. Home
  2. ›
  3. IA
  4. ›
  5. GreyVibe uses ChatGPT & Gemini to power cyberattacks
by Gorka El Bochi Morillo
·
1 min read
·June 1, 2026

What happened

GreyVibe, a likely Russian-nexus threat cluster, has been running active operations against Ukrainian organizations. The defining trait: the group uses ChatGPT and Gemini — off-the-shelf commercial AI models — to generate phishing lures with high linguistic quality.

The result bypasses the classic "bad grammar" detection heuristic defenders have relied on for years. Lures are contextually plausible, linguistically accurate, and *tailored to each target's language and operational context*.

GreyVibe pairs these AI-crafted lures with a custom malware toolkit. The AI handles the delivery layer; the malware handles post-compromise operations.

Why it matters

Producing credible spear-phishing at scale used to require native speakers and significant operational investment. ChatGPT and Gemini eliminate that friction. Any cluster with a paid API account can now generate hundreds of personalized lures per day.

APTs (state-sponsored hacker groups) don't need to train proprietary models. Commercial tools are sufficient — and because they're globally distributed, detecting *which model* generated a lure offers no defensive signal.

This breaks a core detection heuristic: flagging phishing by poor writing quality. That indicator is now unreliable against AI-assisted campaigns.

What to do

  • SOC (Security Operations Center — the team monitoring threats in real time): pull fresh GreyVibe IOC (technical fingerprints that identify an attack) feeds and update detection rules in your SIEM (centralized security event monitoring platform).
  • Ops/IT: run awareness sessions for users exposed to Ukraine, defense, or geopolitical topics — these are the primary lure themes for this cluster.
  • Developers: if ChatGPT or Gemini APIs are in your stack, verify that usage logs and prompt context can't leak sensitive organizational data to external actors.

GreyVibe is a signal, not an outlier. Generative AI is already standard offensive infrastructure. Defenders who don't adapt their TTPs (tactics, techniques, and procedures — the attacker's playbook) to LLM-polished content will see systematic false negatives going forward.

What to do

  • Pull fresh GreyVibe IOC feeds into your SIEM today
  • Tune anti-phishing filters to catch linguistically polished AI lures
  • Run spear-phishing drills focused on grammar-perfect AI-generated content

Share this story

Help more people discover BBLabs News.

GreyVibe uses ChatGPT & Gemini to power cyberattacks
VerticalDownload image
LinkedInXWhatsApp

Interested in IA?

Subscribe to this stream and get the most relevant news every day — no spam, no noise.

Subscribe

Related articles

Destacado
IA4 jun 2026·2 min

Malicious npm targets Claude AI user directory

npm package `mouse5212-super-formatter` exfiltrates files from Claude AI's user data directory to GitHub.

  • Audit global npm dependencies with `npm ls -g` to catch unknown packages.
  • Review `/mnt/user-data` contents and treat any sensitive files there as compromised.
  • Block unexpected outbound traffic to `api.github.com` from dev processes in your SIEM.
Gorka El Bochi Morillo
Leer artículo
IA3 jun 2026·2 min

ChatGPhish: how ChatGPT web summaries become phishing lures

ChatGPT's web summary renderer trusts external Markdown, enabling indirect prompt injection attacks that deliver phishing links inside trusted AI responses.

Leer artículo
IA2 jun 2026·2 min

Claude Mythos goes public: what the security delay means

Anthropic confirms Mythos-class Claude models will reach the public after a delay over software security risks.

Leer artículo

Want to get news like this every day?

Browse all articles
BBLabs NewsBBLabs News

BBLabs News

Una historia al día. Cero ruido.

Newsletter técnica de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Producto

  • Hemeroteca
  • Ediciones
  • Temas
  • Glosario
  • RSS
  • Atom
  • JSON Feed

Editorial

  • Acerca de
  • Suscribirse
  • Cuenta
  • English

Legal

  • Privacidad
  • Términos
  • Contacto: team@bblabs.es

Conectar

  • YouTube · @0xGorka
  • Instagram · @bblabs.es
  • Discord BBLabs
  • Discord Bug Bounty ES
31 artículos·10 ediciones·Desde 2026·Hecho en España
© 2026 BBLabs News·Por Gorka El Bochi