Operation ForumTroll phishing and Chrome zero-day campaign against Russian organizations
Campaign
Summary
Operation ForumTroll was exposed as a targeted phishing campaign that used a Google Chrome zero-day to compromise selected Russian organizations. The operation mattered because the lure pages delivered malware and enabled stealthy access through a browser exploit. Targeting spanned media outlets, universities, research centers, government organizations, and financial institutions. The campaign had already been active earlier this year and was uncovered in March.
Related Happenings
Fake Gemini CLI and Claude Code SEO-poisoning infostealer campaign
Campaign
First: 22.05.2026 14:30
Last: 22.05.2026 14:30
Sources 1
About this happening:
**Cyber threat actors** ran a **malicious SEO-poisoning campaign** that impersonated **Google Gemini CLI** and **Anthropic Claude Code** to push malicious downloads. The operation...
Webworm expanded European government and South Africa university espionage campaign
Campaign
First: 20.05.2026 14:30
Last: 20.05.2026 14:30
Sources 1
About this happening:
Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...
MuddyWater broad cyber-espionage campaign across sectors and countries
Campaign
First: 14.05.2026 00:59
Last: 14.05.2026 00:59
Sources 1
About this happening:
**MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...
HeartlessSoul phishing and malvertising espionage campaign targeting aerospace firms and drone operators
Campaign
First: 11.05.2026 15:00
Last: 11.05.2026 15:00
Sources 1
About this happening:
The **HeartlessSoul** operation is using **phishing** and **malvertising** to target **aerospace firms and drone operators**, raising the risk of **geospatial data theft** from co...
Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
First: 07.05.2026 11:30
Last: 07.05.2026 11:30
Sources 1
About this happening:
A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
Timeline
- 17.12.2025 16:54 · 1 article · 5mo ago
Operation ForumTroll targets Russian scholars with fake eLibrary emails
Campaign Scope Update: Kaspersky reported on December 17, 2025 that it detected a new Operation ForumTroll phishing wave in October 2025 targeting Russian scholars and researchers in political science, international relations, and global economics at major Russian universities and research institutions. The attackers used fake eLibrary emails from support@e-library[.]wiki, hosted a copy of elibrary[.]ru on e-library[.]wiki, and personalized ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip for the targeted individuals.
Sources:
- New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails — thehackernews.com — 17.12.2025 16:54
- 27.10.2025 18:37 · 1 article · 7mo ago
Kaspersky details Operation ForumTroll exploit chain and Memento Labs link
Technical Analysis Update: Kaspersky detailed Operation ForumTroll against Russian organizations. According to the analysis, a phishing email with personalized, short-lived links led targets to a malicious site where a validator script filtered visitors; CVE-2025-2783 in Chromium-based browsers enabled shellcode execution and a persistent loader, and the DLL decrypted LeetAgent. The same analysis linked older attacks in Russia and Belarus to Dante and attributed the spyware to Memento Labs with high confidence. It also noted that Chrome 134.0.6998.178 and Firefox 136.0.4 had already fixed the related browser flaws.
Sources:
- Italian spyware vendor linked to Chrome zero-day attacks — www.bleepingcomputer.com — 27.10.2025 18:37