Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain


In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.

In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • A cyberattack targets Albanian Parliament, cellphone provider and air flight company

    December 27, 2023

    Albania’s Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. A statement said Monday’s cyberattack had not “touched the data of the system,” adding that experts were working to discover what consequences the attack could have. It said ...

  • Henry Schein Sales Hurt by Cyber Attack, Macro Woes

    December 27, 2023

    Henry Schein (HSIC) is currently entangled in a major cyber-attack incident. Headwinds like unfavorable currency movement and global economic uncertainties continue to affect the company. The stock carries a Zacks Rank #4 (Sell). In October 2023, Henry Schein stated that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident. Henry Schein took precautionary ...

  • Israel’s Cyber Directorate warns of phishing attack by Iran-based hacking squad

    December 26, 2023

    Israel’s National Cyber Directorate issued a statement Tuesday warning of a phishing attack by Iranian hackers. Posing as American network security conglomerate F5, Iranian hackers sent an email to IT officials in multiple Israeli companies with instructions to download what seems like an update, but is actually malware, said the directorate. Working with an unnamed commercial ...

  • Motorists data stolen as RingGo parking app-owner hit by cyber attack

    December 26, 2023

    Hackers have stolen data including partial credit card numbers from parking apps used by millions of motorists. EasyPark, which owns RingGo and ParkMobile, said the details of at least 950 customers in the UK had been stolen by hackers, including names, phone numbers, addresses, email addresses and parts of credit card numbers. Read more… Source: MSN News  

  • Hackers stole $2 billion in crypto in 2023, data shows

    December 26, 2023

    For yet another year, hackers stole billions of dollars in crypto. But for the first time since 2020, the trend is downwards, according to crypto security firms. This year, hackers stole around $2 billion dollars in crypto across dozens of cyberattacks and thefts, according to De.FI, the web3 security firm that runs the REKT database. The ...

  • Estonia: At least one case of extortion reported following Asper Biogene data leak

    December 25, 2023

    Investigations into the Asper Biogene data leak that came to light last week are ongoing, and there is already at least one known case of an attempt to extort money from an individual in connection with the data leak. When the data theft case came to light, police warned that the situation could be exploited by ...