The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.

The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under active exploitation as part of a campaign dubbed Operation ForumTroll targeting organizations in Russia. The cluster is also tracked as TaxOff/Team 46 by Positive Technologies and Prosperous Werewolf by BI.ZONE. It is known to have been active since at least February 2024.

The wave of infections involved sending phishing emails containing personalized, short-lived links inviting recipients to the Primakov Readings forum. Clicking the links through Google Chrome or a Chromium-based web browser was enough to trigger an exploit for CVE-2025-2783, enabling the attackers to break out of the confines of the program and deliver tools developed by Memento Labs.

Headquartered in Milan, Memento Labs (also stylized as mem3nt0) was formed in April 2019 following the merger of InTheCyber Group and HackingTeam (aka Hacking Team), the latter of which has a history of selling offensive intrusion and surveillance capabilities to governments, law enforcement agencies, and corporations, including creating spyware designed to monitor the Tor browser.


Most notably, the infamous surveillance software vendor suffered a hack in July 2015, resulting in the leak of hundreds of gigabytes of internal data, including tools and exploits. Among these was an Extensible Firmware Interface (EFI) development kit dubbed VectorEDK that would later go on to become the foundation for a UEFI bootkit known as MosaicRegressor. In April 2016, the company suffered a further setback after Italian export authorities revoked its license to sell outside of Europe.

In the latest set of attacks documented by the Russian cybersecurity vendor, the lures targeted media outlets, universities, research centers, government organizations, financial institutions, and other organizations in Russia with the primary goal of espionage.

“This was a targeted spear-phishing operation, not a broad, indiscriminate campaign,” Boris Larin, principal security researcher at Kaspersky Global Research and Analysis Team (GReAT), told The Hacker News. “We observed multiple intrusions against organizations and individuals in Russia and Belarus, with lures aimed at media outlets, universities, research centers, government bodies, financial institutions, and others in Russia.”

Most notably, the attacks have been found to pave the way for a previously undocumented spyware developed by Memento Labs called LeetAgent, so named for its use of leetspeak in its commands.

The starting point is a validator phase, which is a small script executed by the browser to check if the visitor to the malicious site is a genuine user with a real web browser,…



Last Update: October 28, 2025