
"Most notably, the infamous surveillance software vendor suffered a hack in July 2015, resulting in the leak of hundreds of gigabytes of internal data, including tools and exploits. Among these was an Extensible Firmware Interface (EFI) development kit dubbed VectorEDK that would later go on to become the foundation for a UEFI bootkit known as MosaicRegressor. In April 2016, the company courted further trouble after Italian export authorities revoked its license to sell outside of Europe."
"The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under active exploitation as part of a campaign dubbed Operation ForumTroll targeting organizations in Russia. The cluster is also tracked as TaxOff/Team 46 by Positive Technologies, Dante APT by F6, and Prosperous Werewolf by BI.ZONE. It's known to be active since at least February 2024."
A patched Chrome zero-day, CVE-2025-2783, was exploited to escape the browser sandbox and deliver espionage tools from Memento Labs. The campaign, dubbed Operation ForumTroll and tracked as TaxOff/Team 46, Dante APT, and Prosperous Werewolf, targeted organizations in Russia and has been active since at least February 2024. Attackers used phishing emails with personalized, short-lived links to the Primakov Readings forum; clicking those links in Chrome or Chromium-based browsers triggered the exploit and enabled delivery of Memento Labs tools. Memento Labs formed in April 2019 from InTheCyber Group and HackingTeam, which has a history of offensive surveillance tooling; a 2015 leak exposed a VectorEDK EFI kit that later became the MosaicRegressor bootkit, and Italian export authorities revoked the company's license to sell outside Europe in April 2016.
Read at The Hacker News