A zero-day vulnerability in Google Chrome was exploited in Operation ForumTroll, delivering malware linked to the Italian spyware firm Memento Labs, which originated from Hacking Team. The campaign targeted Russian organizations with phishing emails, using the exploit CVE-2025-2783 to deploy sophisticated spyware such as LeetAgent and Dante. #CVE-2025-2783 #MementoLabs #HackingTeam #OperationForumTroll
Keypoints
- Operation ForumTroll exploited a Chrome zero-day vulnerability to deliver malware.
- The attack targeted Russian media, government, and research organizations via phishing emails.
- Malware used includes LeetAgent, a modular spyware with command and control features.
- Memento Labs, the successor of Hacking Team, developed the Dante spyware linked to the campaign.
- Google patched the vulnerability in Chrome version 134.0.6998.178, closing the exploit vector.