Kaspersky reports the exploitation of a new Chrome zero-day (CVE-2025-2783) in Operation ForumTroll, a state-sponsored cyberespionage campaign targeting finance, government, and other critical sectors in Russia. The attack deployed LeetAgent spyware, which has been linked to the advanced Dante surveillance tool from Memento Labs (formerly Hacking Team), suggesting a sophisticated supply chain for state-backed cyber threats. This incident underscores the increasing risk from advanced persistent threats leveraging commercial spyware against high-value targets.
Kaspersky's report details "Operation ForumTroll," a state-sponsored cyberespionage campaign exploiting a Chrome zero-day (CVE-2025-2783) to deploy LeetAgent spyware against critical sectors including finance and government in Russia. This highlights a significant escalation in advanced persistent threats, utilizing sophisticated sandbox escape techniques and personalized phishing. The campaign's use of LeetAgent, linked to Memento Labs' (formerly Hacking Team) advanced Dante spyware, underscores the increasing availability and deployment of commercial-grade offensive cyber tools by state actors. This commercialization of sophisticated surveillance technology elevates the baseline threat level for high-value targets globally, indicating a mature and accessible market for such capabilities. Notably, the spyware's command-and-control server utilized Fastly.net cloud infrastructure. While Fastly (FSLY) is not implicated in the attack, its platform's use by state-sponsored threat actors for malicious purposes could prompt scrutiny regarding platform security and potential reputational risks for cloud service providers.
Overall Sentiment
strongly negative
Sentiment Score
-0.75