Operation ForumTroll exploits zero-days in Google Chrome

· Published 25/03/2025 23:09 · Modified 26/03/2025 13:20

Essential information

Published: 25/03/2025 23:09
Modified: 26/03/2025 13:20
Tags: 2025-03-25 CVE-2025-2783 apt google chrome phishing sandbox escape trojan.win64.agent trojan.win64.convagent.gen zero-day
Related entities: 1 intrusion sets (apt), 16 techniques (mitre), 2 malware, 4 others

Description

In March 2025, a sophisticated malware campaign exploited a vulnerability in to infect targets. The attack, dubbed Operation ForumTroll, used personalized emails with short-lived links to deliver malware. Kaspersky detected the exploit, reported it to Google, and an update was released to fix the vulnerability (). The campaign targeted media outlets, educational institutions, and government organizations in Russia, disguising itself as invitations to the 'Primakov Readings' forum. The attackers' goal appears to be espionage, and the sophistication of the malware suggests a state-sponsored group is behind the operation. The exploit chain involved and remote code execution, though only the former was fully analyzed.

External references