The first Chrome zero-day vulnerability of 2025, CVE-2025-2783, has been exploited in a state-sponsored cyberespionage campaign called Operation ForumTroll, which targeted organizations in Russia. The campaign utilized sophisticated malware such as LeetAgent and potentially Memento Labs’ Dante, employing phishing and sandbox escape techniques.
#CVE-2025-2783 #OperationForumTroll #LeetAgent #MementoLabs #HackingTeam
Key points
- The exploited vulnerability CVE-2025-2783 affected Google Chrome and was used in cyberespionage operations.
- Operation ForumTroll primarily targeted Russian organizations in education, finance, government, media, and research sectors.
- The malware payload, LeetAgent, can receive commands via HTTPS, log keystrokes, and steal files.
- Hacking Team’s spyware, Dante, was not used in this campaign but shares similarities with the malware employed.
- The campaign involved advanced techniques like sandbox escapes, registry hijacking, and sophisticated persistence mechanisms.
Read More: https://www.securityweek.com/chrome-zero-day-exploitation-linked-to-hacking-team-spyware/