Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain


In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.

In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • API Security Exposed: The Role of API Vulnerabilities in Real-World Data Breaches

    October 10, 2024

    This Trend Micro research discusses real-world API vulnerabilities and shows the risks companies face every day. We start our journey with two popular API gateways: APISIX and Kong. The researchers found over 600 APISIX instances and hundreds of thousands of Kong gateways accessible online. Each one is a door waiting for attackers to knock. However, the ...

  • European government systems hit by air-gap malware attack

    October 9, 2024

    In the last five years, hackers managed to steal sensitive information from air-gapped systems belonging to different European governments on at least three separate occasions. An air-gapped system is a computer or network that is physically isolated from unsecured networks, such as the internet, to prevent unauthorized access and enhance security. Still, crooks managed to steal ...

  • MoneyGram data breach included Social Security numbers, government documents, bank and other sensitive data

    October 9, 2024

    MoneyGram is back online after a cybersecurity breach disrupted services and compromised personal information. Between September 20 and 22, an “unauthorized third party” accessed and acquired the personal data of certain MoneyGram customers, the company said, leaving users unable to access their accounts. The money-sending service provided an update this past Monday, confirming that systems are ...

  • Casio Faces Cyberattack: Service Disruptions and Delayed G-Shock Releases

    October 9, 2024

    Casio, a well-known Japanese electronics company, experienced a significant cyberattack on October 5th. The company reported that an unidentified third party illegally accessed its network, causing system failures and service disruptions. In a statement on October 8th, Casio expressed regret for the inconvenience this has caused to its customers and stakeholders. The company is actively investigating ...

  • Awareness of Cyber Risks to Healthcare Organizations is not Always Translating to Adequate Protections

    October 8, 2024

    Despite growing awareness and widespread acknowledgment of the impact of cyber threats facing the healthcare industry, many within it are still struggling to keep them at bay. The third annual Ponemon Institute Report, commissioned by Proofpoint, found that 92% of US healthcare organizations surveyed experienced at least one cyber attack in the past 12 month, with ...

  • File hosting services misused for identity phishing

    October 8, 2024

    Microsoft has observed campaigns misusing legitimate file hosting services increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and expand threat actor reach to other accounts and tenants. These campaigns are intended to ...