Chrome Zero-day Exploited To Deliver Italian Memento Labs' Lee...

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.

The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under active exploitation as part of a campaign dubbed Operation ForumTroll targeting organizations in Russia. The cluster is also tracked as TaxOff/Team 46 by Positive Technologies, Dante APT by F6, and Prosperous Werewolf by BI.ZONE. It's known to be active since at least February 2024.

The wave of infections involved sending phishing emails containing personalized, short-lived links inviting recipients to the Primakov Readings forum. Clicking the links through Google Chrome or a Chromium-based web browser was enough to trigger an exploit for CVE-2025-2783, enabling the attackers to break out of the confines of the program and deliver tools developed by Memento Labs.

Headquartered in Milan, Memento Labs (also stylized as mem3nt0) was formed in April 2019 following the merger of InTheCyber Group and HackingTeam (aka Hacking Team), the latter of which has a history of selling offensive intrusion and surveillance capabilities to governments, law enforcement agencies, and corporations, including creating spyware designed to monitor the Tor browser.

Most notably, the infamous surveillance software vendor suffered a hack in July 2015, resulting in the leak of hundreds of gigabytes of internal data, including tools and exploits. Among these was an Extensible Firmware Interface (EFI) development kit dubbed VectorEDK that would later go on to become the foundation for a UEFI bootkit known as MosaicRegressor. In April 2016, the company courted further trouble after Italian export authorities revoked its license to sell outside of Europe.

In the latest set of attacks documented by the Russian cybersecurity vendor, the lures targeted media outlets, universities, research centers, government organizations, financial institutions, and other organizations in Russia with the primary goal of espionage.

"This was a targeted spear-phishing operation, not a broad, indiscriminate campaign," Boris Larin, principal security researcher at Kaspersky Global Research and Analysis Team (GReAT), told The Hacker News. "We observed multiple intrusions against organizations and individuals in Russi

Source: The Hacker News