Find notable cyber news and cases, enriched with sources, timelines, and signals.

Mem3nt0 mori Operation ForumTroll espionage campaign

Campaign
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

Mem3nt0 mori ran Operation ForumTroll, a targeted espionage campaign that used personalized phishing and a Google Chrome zero-day to infect victims in Russia and Belarus. The operation mattered because it combined a browser exploit with short-lived malicious links that delivered code with no further user action. It focused on universities, research centers, financial institutions, and government agencies, showing a broad but clearly selected victim set.

Related Happenings

Rokarolla device-profiling targeting campaign

Campaign
H score32 First: 16.06.2026 23:04 Last: 16.06.2026 23:04 Sources 1

About this happening: The **Rokarolla** Android campaign now profiles infected devices to assign a **unique identifier** to each victim, enabling repeated tracking and coordinated financial-fraud activ...

UNC6508 China-linked REDCap espionage campaign

Campaign
H score39 First: 15.06.2026 17:00 Last: 15.06.2026 17:00 Sources 1

About this happening: **UNC6508** ran a **China-linked espionage campaign** against **exposed REDCap servers** used by **North American medical, academic, and military research networks**. The operatio...

Fake Gemini CLI and Claude Code SEO-poisoning infostealer campaign

Campaign
H score33 First: 22.05.2026 14:30 Last: 22.05.2026 14:30 Sources 1

About this happening: **Cyber threat actors** ran a **malicious SEO-poisoning campaign** that impersonated **Google Gemini CLI** and **Anthropic Claude Code** to push malicious downloads. The operation...

TamperedChef malvertising campaign distributing backdoor malware through trojanized PDFs

Campaign
H score37 First: 16.01.2026 14:05 Last: 16.01.2026 14:05 Sources 1

About this happening: The **TamperedChef** campaign is a **malvertising** operation that used **Google ads** and **more than 50 domains** to push a fake **AppSuite PDF Editor** and deliver the **Tamper...

APT24 BadAudio multi-delivery espionage campaign

Campaign
H score54 First: 21.11.2025 00:12 Last: 21.11.2025 00:12 Sources 1

About this happening: **APT24** is running a **three-year espionage campaign** with **BadAudio** that has expanded into multiple delivery methods, increasing the operation's reach and stealth. Since **...

Timeline

  1. 28.10.2025 18:00 1 articles · 8mo ago

    Kaspersky discloses Operation ForumTroll Chrome zero-day exploitation

    Initial Disclosure

    Kaspersky reported that CVE-2025-2783 in Google Chrome was exploited in Operation ForumTroll, a targeted espionage campaign against organizations in Russia and Belarus. The attack chain used highly personalized phishing emails inviting victims to the Primakov Readings forum, short-lived malicious links, and a sandbox escape exploit to compromise Chrome and other Chromium-based browsers. Kaspersky linked the activity to Mem3nt0 mori / ForumTroll APT and said the tooling appeared to involve Memento Labs products such as LeetAgent and Dante, while Google patched Chrome in version 134.0.6998.177/.178.

    Show sources