Key Findings Russian-linked threat actor GREYVIBE has conducted persistent cyberattacks against Ukraine and Ukrainian entities since at least August 2025 The group operates from Russian time zones and aligns with Kremlin state interests, particularly intelligence gathering related to the Russo-Ukrainian war GREYVIBE employs five distinct attack chains using spear-phishing, fake CAPTCHA pages, and fraudulent websites to deliver custom malware The group leverages generative AI