Academic Ambush: How the Forum Troll APT Hijacks Scholars’ Systems via Fake Plagiarism Reports

A cyber espionage group called “Forum Troll” has shifted its focus from corporate networks to Russian political scientists and economists, whom it targets through sophisticated phishing campaigns. The campaign featured personalized social engineering and used known commercial red-teaming tools to compromise the systems of high-profile individuals.

Key points

  • Forum Troll changed its tactics from exploiting zero-day vulnerabilities to personalized social engineering attacks.
  • The group targeted Russian scholars in political science, international relations, and economics at major universities.
  • The phishing emails impersonated eLibrary, tricking victims into downloading malicious archives with tailored filenames.
  • The infection chain used PowerShell, DLL payloads, COM Hijacking, and a commercial red-teaming framework called Tuoni for remote access.
  • Operational security measures included one-time-use links and filtering out non-Windows devices to evade detection.

Read More: https://securityonline.info/academic-ambush-how-the-forum-troll-apt-hijacks-scholars-systems-via-fake-plagiarism-reports/