
Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs
From Daily Security Review by Daily Security Review
October 29, 2025 · 37 min · Episode 322
About this episode
The episode discusses Operation ForumTroll, a cyber-espionage operation linked to Italian spyware developer Memento Labs, exploiting a Chrome zero-day vulnerability to target organizations in Russia and Belarus.
A newly uncovered cyber-espionage operation known as Operation ForumTroll has revealed the resurgence of commercial spyware in state-sponsored surveillance campaigns. According to new research from Kaspersky, the campaign exploited a Google Chrome zero-day vulnerability (CVE-2025-2783) and targeted Russian and Belarusian organizations in government, research, and media sectors. The attacks were traced to tools developed by Memento Labs, the Italian surveillance vendor formerly known as the Hacking Team, whose legacy spyware once sparked global controversy for being sold to authoritarian regimes. The operation began with highly tailored phishing emails disguised as invitations to the “Primakov Readings” — a major international policy forum — luring recipients into visiting short-lived malicious links. Once clicked, victims were redirected to a drive-by exploit that leveraged the Chrome sandbox escape vulnerability, allowing attackers to execute code on the underlying operating system. Kaspersky’s researchers later identified a similar flaw in Firefox (CVE-2025-2857), broadening the attack surface for the same threat actors. Once inside, the attackers deployed a dual-implant…
Topics covered
- cyber-espionage
- commercial spyware
- state-sponsored surveillance
- phishing attacks
- vulnerability exploitation
Keywords
- cyber-espionage
- spyware
- Memento Labs
- Chrome zero-day
- phishing
- vulnerability
- Kaspersky
Mentioned in this episode
Organizations: Kaspersky, Memento Labs, Hacking Team
Products: LeetAgent, Dante, Google Chrome, Firefox
Places: Russia, Belarus
More episodes of Daily Security Review
- Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad” · October 29, 2025 · 27 min
- Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025 · October 28, 2025 · 26 min
- Firefox Add-Ons Must Declare Data Collection—or Be Rejected · October 28, 2025 · 29 min
- Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software · October 28, 2025 · 25 min
- $1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk” · October 28, 2025 · 20 min
- OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw · October 27, 2025 · 35 min
Explore listener stats, chart rankings, contacts and more on the Daily Security Review podcast page.