{"slug": "russia-linked-threat-group-put-chatgpt-to-work-from-lure-to-payload", "title": "Russia-linked threat group put ChatGPT to work from lure to payload", "summary": "A Russia-linked threat group known as GREYVIBE used ChatGPT and other AI tools throughout a cyberespionage campaign targeting Ukrainian military and government personnel. Researchers found the attackers employed the large language model to craft phishing lures and generate malicious payloads, marking an escalation in AI-assisted state-sponsored hacking. The operation demonstrates how adversaries are integrating generative AI into every stage of an attack chain to increase efficiency and evade detection.", "body_md": "### MOST POPULAR\n\n## EVENTS\n\n-\n### Overcoming the trade-offs in data sovereignty\n\nWhat does data sovereignty actually mean for your network, which trade-offs are unavoidable? Learn more.\n\n-\n### From Prompt to Exploit: How LLMs Are Changing API Attacks\n\nModern applications are API-driven, interconnected, and often over-permissioned, making them an ideal target for AI-assisted attacks.\n\n-\n### Architecting the Future: Unlocking Enterprise Data Services for Kubernetes\n\nJoin us to discover how to eliminate infrastructure silos and establish a standardized, enterprise-grade cloud-native platform.\n\n-\n### Catch the Advanced Attacks Microsoft 365 Misses with Behavioral AI Security\n\nMicrosoft 365 is the backbone of enterprise communication, and its native security filters out the known and the noisy.\n\n-\n### Virtual Cyber Recovery Sim\n\nStep into the chaos of a live ransomware breach, test your response skills, and team up with other IT and security pros to outsmart cybercriminals\n\n-\n### Virtual Cyber Recovery Simulation\n\nRansomware attacks aren’t slowing down, and neither are we. Druva’s hit event, Escape Ransomware, is now fully virtual.\n\n-\n### Agentic AI at Scale: From Pilot to Production\n\nJoin us to learn how to unlock real ROI by driving adoption of AI at scale.\n\n[AI](https://beta.theregister.com/tag/ai)\n\n-\nSecurity\n\n#### ChatGPT blindly trusts browser content, turning the page into a payload\n\nYou and me go ChatGPhish-ing in the dark\n\n-\nResearch\n\n#### Russia-linked threat group put ChatGPT to work from lure to payload\n\nResearchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government\n\n-\nScience\n\n#### Blue Origin's New Glenn makes a crater-sized dent in Artemis plans\n\nExplosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready\n\n-\nCyber-Crime\n\n#### ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak\n\nTelco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there\n\n-\nSoftware\n\n#### That an app 'Fits on a Floppy' is still a useful measure in 2026\n\nIn a world of mass-produced bot-slopware, small is more beautiful than ever\n\n[Infosec](https://beta.theregister.com/security)\n\n-\nSecurity\n\n#### ChatGPT blindly trusts browser content, turning the page into a payload\n\nYou and me go ChatGPhish-ing in the dark\n\n-\nResearch\n\n#### Russia-linked threat group put ChatGPT to work from lure to payload\n\nResearchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government\n\n-\nScience\n\n#### Blue Origin's New Glenn makes a crater-sized dent in Artemis plans\n\nExplosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready\n\n-\nCyber-Crime\n\n#### ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak\n\nTelco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there\n\n-\nSoftware\n\n#### That an app 'Fits on a Floppy' is still a useful measure in 2026\n\nIn a world of mass-produced bot-slopware, small is more beautiful than ever\n\n[FOSS](https://beta.theregister.com/tag/FOSS)\n\n-\n#### ChatGPT blindly trusts browser content, turning the page into a payload\n\nYou and me go ChatGPhish-ing in the dark\n\n-\n#### Russia-linked threat group put ChatGPT to work from lure to payload\n\nResearchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government\n\n-\n#### Blue Origin's New Glenn makes a crater-sized dent in Artemis plans\n\nExplosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready\n\n-\n#### ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak\n\nTelco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there\n\n-\n#### That an app 'Fits on a Floppy' is still a useful measure in 2026\n\nIn a world of mass-produced bot-slopware, small is more beautiful than ever\n\n-\n#### Jammin' on UK defence secretary's jet as Russia blamed for GPS interference\n\nEstonian academic fingers mobile tower-mounted devices as Kremlin tries to swat Ukrainian forces\n\n[FEATURES](https://www.theregister.com/tag/features?_gl=1*esekfm*_ga*NzgyNjE4NzEwLjE3NzExNzQ4MjA.*_ga_JXW44Y23NM*czE3NzY3NTY3MjIkbzEwNSRnMSR0MTc3Njc1Njg5NCRqOCRsMCRoMA..)\n\n-\n### Europe built sovereign clouds to escape US control. Then forgot about the processors\n\n-\n### Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data\n\n-\n### Europe wants out from under US tech – but first it has to find the exits\n\n-\n### GNOME may rule Ubuntu Resolute Raccoon, but X.org isn't roadkill yet\n\n-\n### OpenClaw, but in containers: Meet NanoClaw\n\n-\n### Open source registries don't have enough money to implement basic security\n\n-\n### Contain your Windows apps inside Linux Windows\n\n-\n### The Linux mid-life crisis that's an opportunity for Tux-led transformation\n\n-\n### Too much AI for some, too little for others: Why AMD can't win with investors\n\n-\n### How agentic AI can strain modern memory hierarchies", "url": "https://wpnews.pro/news/russia-linked-threat-group-put-chatgpt-to-work-from-lure-to-payload", "canonical_source": "https://www.theregister.com/research/2026/05/29/russia-linked-threat-group-put-chatgpt-to-work-from-lure-to-payload/5248368", "published_at": "2026-05-29 11:49:45+00:00", "updated_at": "2026-05-29 12:11:04.199375+00:00", "lang": "en", "topics": ["large-language-models", "generative-ai", "ai-safety"], "entities": ["ChatGPT", "Russia"], "alternates": {"html": "https://wpnews.pro/news/russia-linked-threat-group-put-chatgpt-to-work-from-lure-to-payload", "markdown": "https://wpnews.pro/news/russia-linked-threat-group-put-chatgpt-to-work-from-lure-to-payload.md", "text": "https://wpnews.pro/news/russia-linked-threat-group-put-chatgpt-to-work-from-lure-to-payload.txt", "jsonld": "https://wpnews.pro/news/russia-linked-threat-group-put-chatgpt-to-work-from-lure-to-payload.jsonld"}}