Close Menu
Cybercrime and Ransomware

Italian spyware vendor tied to Chrome zero-day attacks

Staff WriterBy No Comments4 Mins Read1 Views

Summary Points

  1. A zero-day vulnerability in Google Chrome (CVE-2025-2783) exploited in Operation ForumTroll enabled malware delivery, targeting Russian organizations via malicious links.
  2. The attack chain involved a sandbox escape, allowing malware to execute and deploy a modular spyware called LeetAgent, linked to Italian vendor Memento Labs, formerly Hacking Team.
  3. Memento Labs, founded post-Hacking Team’s 2015 breach and acquired in 2019 by InTheCyber Group, developed the Dante spyware, which is designed to self-delete after data exfiltration.
  4. Chrome addressed the vulnerability in versions 134.0.6998.178, and attribution links the malware to Memento Labs, though the identity of the zero-day’s creator remains uncertain.

What’s the Problem?

In early 2023, security researchers from Kaspersky uncovered Operation ForumTroll, a cyber espionage campaign targeting Russian institutions such as media outlets, universities, and government agencies. This operation exploited a zero-day vulnerability in Google Chrome, identified as CVE-2025-2783, which allowed attackers to bypass sandbox protections and deliver malware simply by clicking on malicious links embedded in specially crafted emails. The malware chain involved deploying a modular spyware known as LeetAgent, capable of executing commands, logging keystrokes, and stealing data, often initializing by installing the Dante spyware. Kaspersky traced the origins of this malware to Memento Labs, a company established after InTheCyber Group acquired the notorious Hacking Team, which was infamous for its surveillance tools and was dismantled after its breaches in 2015. The attack’s sophistication, combining zero-day exploits and customized malware, indicates a well-structured effort likely intended for espionage against Russian interests, with concerns heightened about the use of such covert tools and their ties to the Italian spyware industry.

Security Implications

The alarming emergence of an Italian spyware vendor linked to Chrome zero-day attacks underscores a potential threat that could imperil any business, regardless of size or industry. If such malicious exploits target your systems, adversaries could clandestinely infiltrate your network, extracting sensitive data, sabotaging operations, or planting malicious software—seriously eroding your trustworthiness and competitive edge. The risks extend beyond immediate data breaches; ongoing threats can lead to financial loss, regulatory penalties, and damage to your reputation that takes years to rebuild. Given the sophistication of zero-day vulnerabilities, any organization remains vulnerable unless proactive security measures are adopted, making the threat real and immediate for every business operating in today’s interconnected digital landscape.

Possible Next Steps

Timely remediation is crucial when addressing threats like the Italian spyware vendor linked to Chrome zero-day attacks, as swift action helps minimize the potential for widespread data breaches, system compromise, and prolonged exploitation, ultimately preserving organizational integrity and stakeholder trust.

Containment Measures

  • Isolate affected devices and networks to prevent further spread.
  • Disable or restrict the use of compromised software or plugins immediately.

Detection and Investigation

  • Deploy advanced malware and intrusion detection tools to identify signs of infection.
  • Conduct thorough forensic analysis to understand the scope and entry points.

Patch and Update

  • Apply the latest security patches for Chrome and any related software as soon as they become available.
  • Remove or disable the malicious plugin or extensions linked to the spyware.

Credential Management

  • Reset passwords and implement multi-factor authentication to protect sensitive accounts.
  • Review access controls to ensure least privilege principles are maintained.

Communication and Reporting

  • Inform relevant stakeholders, including security teams and users, about the threat and necessary precautions.
  • Report the incident to appropriate authorities and industry sharing platforms.

Long-term Defense

  • Enhance endpoint security with updated anti-malware solutions.
  • Implement regular vulnerability assessments and security awareness training.

Explore More Security Insights

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Explore engineering-led approaches to digital security at IEEE Cybersecurity.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.