Analysis

The recent Kaspersky report details Operation ForumTroll, a sophisticated cyberattack leveraging a Google Chrome zero-day vulnerability (CVE-2025-2783) to deploy advanced LeetAgent and Dante spyware. This campaign specifically targeted Russian media outlets, universities, research centers, government organizations, and financial institutions. The malware is confidently attributed to Memento Labs, an Italian commercial spyware vendor formed from the notorious Hacking Team. The attack chain involved phishing emails with malicious links, exploiting the Chrome zero-day for shellcode execution and installing persistent loaders. LeetAgent, a modular spyware, enabled command execution, file operations, keylogging, and data theft, while Dante, sharing code similarities with Hacking Team's RCS, demonstrated advanced surveillance capabilities. This highlights the persistent and evolving threat posed by commercial spyware firms. Google addressed CVE-2025-2783 in Chrome version 134.0.6998.178 on March 26, with Mozilla also patching a related issue in Firefox. While the immediate vulnerability is patched, the incident, reflected in a moderately negative sentiment for GOOGL/GOOG (-0.3), underscores the critical need for continuous security updates and robust defense mechanisms against state-sponsored or commercially available advanced persistent threats.