Analysis

A critical zero-day vulnerability (CVE-2025-2783) in Google Chrome was actively exploited in "Operation ForumTroll" starting March 2025, targeting financial institutions, universities, and government agencies in Russia and Belarus. This sophisticated campaign, attributed to Mem3nt0 mori APT, leveraged a sandbox escape exploit due to a logical oversight in Windows' pseudo-handle handling, allowing remote code execution. Google (GOOGL, GOOG) swiftly addressed the flaw in Chrome version 134.0.6998.177/.178. The attackers deployed advanced spyware, including LeetAgent and the Dante platform developed by Italian vendor Memento Labs, marking the first observed in-the-wild use of this commercial surveillance tool. This highlights the increasing sophistication and accessibility of such capabilities, enabling remote command execution and sensitive file exfiltration. The strongly negative sentiment (-0.6) and cautious tone reflect significant cybersecurity risks, particularly for institutions operating in sensitive geopolitical regions or handling critical data. The incident underscores the persistent overlap between state-aligned espionage and the global commercial spyware market, presenting a material concern for institutional security and data integrity.