- Kaspersky said they were able to detect 10 spyware targets in Russia but declined to disclose who the victims were.
- Last June, Kaspersky discovered another espionage campaign, dubbed Operation Triangulation, that exploited two vulnerabilities in Apple devices.
- The campaign has been active since 2019 and attacks its targets by sending iMessages with malicious attachments.
The Russian government blamed this campaign on the U.S., alleging it hacked “thousands of Apple phones” to spy on Russian diplomats. Apple has denied these claims, and Kaspersky has not attributed Operation Triangulation to any government or known hacking group.
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
by Daryna Antoniuk March 27th, 2025
Russian security researchers discovered sophisticated new malware used in an espionage campaign targeting media outlets and educational institutions in the country.
The attacks, which exploited a zero-day vulnerability in Google Chrome, left the researchers at cybersecurity firm Kaspersky baffled. Without doing anything obviously malicious or forbidden, the hackers managed to bypass Google Chrome’s sandbox protection “as if it didn’t even exist,” they said.
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers said in their analysis published Tuesday.
The suspected espionage campaign, dubbed “Operation ForumTroll,” was identified by Kaspersky in mid-March.
The company discovered a wave of phishing emails impersonating organizers of a well-known Russian scientific and expert forum.
The emails contained malicious links that were customized for each target and only worked for a short time — likely to make it harder for investigators to study them. In every case, the victim became infected as soon as they clicked the link, which opened the attackers' website in Google Chrome. No further action was required to become infected, according to the researchers.
Due to the complexity of the operation and the tools used, Kaspersky believes the attack was carried out by state-sponsored hackers, though they have not attributed it to a specific country.
During the attack, hackers exploited a security flaw tracked as CVE-2025-2783 to break out of Chrome’s protective system, which is meant to keep web content separate from the rest of the computerKaspersky states the issue was caused by a “logical error” in how Chrome's security system interacts with the Windows operating system, allowing attackers to bypass key safety measures.
Google acknowledged the vulnerability and released a security update to fix the bug on Tuesday. The company confirmed that the flaw had been actively exploited but didn’t share more details to protect users while the update rolled out globally.
The discovered exploit was likely used alongside another, still undetected vulnerability, enabling remote code execution, Kaspersky said.
As of now, the malicious links used in the attack no longer contain active exploits and instead redirect users to the legitimate scientific forum website. However, cybersecurity experts urge caution against clicking on suspicious emails, as attackers could rearm the campaign with new exploits.
Briefs
- Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimesMarch 27th, 2025
- Defense contractor to pay $4.6 million over third-party provider’s security weaknessMarch 26th, 2025
- Nearly $13 million stolen from Abracadabra Finance in crypto heistMarch 25th, 2025
- Cyber Command official is Trump’s choice for Pentagon policy jobMarch 25th, 2025
No comments:
Post a Comment