Operation ForumTroll is a sophisticated phishing campaign targeting individuals in Russia, utilizing zero-day Chrome vulnerabilities to deliver backdoors and spyware. The campaign features personalized emails and uses strategically aged domains to avoid detection, with ongoing threats observed since 2022. #OperationForumTroll #LeetAgent #Dante #Tuoni
Key points
- The threat actor behind Operation ForumTroll started targeting Russian individuals in 2022.
- The campaign exploits a zero-day Chrome vulnerability (CVE-2025-2783) to deliver malware.
- Attackers send personalized phishing emails that claim to be from eLibrary and host the malware payloads.
- The malware includes a PowerShell-based payload called Tuoni, enabling remote access to infected devices.
- Other threat groups like QuietCrabs and Thor also target organizations with vulnerabilities in Microsoft and Ivanti systems.
Read More: https://thehackernews.com/2025/12/new-forumtroll-phishing-attacks-target.html