A new wave of phishing attacks, linked to the notorious Operation ForumTroll, has emerged, targeting Russian scholars with a clever and personalized approach. This latest threat, uncovered by Kaspersky, is a cause for concern and highlights the evolving tactics of cybercriminals.
The operation, which began in October 2025, focuses on individuals in the fields of political science, international relations, and global economics, employed by major Russian universities and research institutions. It's a targeted campaign, and the attackers have gone to great lengths to ensure their success.
But here's where it gets controversial... These phishing attempts exploit a zero-day vulnerability in Google Chrome, delivering a backdoor and spyware. The emails, which appear to come from the Russian scientific library eLibrary, are carefully crafted to trick victims. The sender domain was registered months before the campaign began, a tactic intended to avoid suspicion.
When a potential victim clicks the link, they are instructed to download a plagiarism report. However, what they actually download is a ZIP archive with a personalized name, containing a Windows shortcut. This shortcut, when executed, runs a malicious script, ultimately leading to the installation of a command-and-control framework known as Tuoni. It's a sophisticated attack, designed to gain remote access to the victim's device.
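As an added illustration (not code from the Kaspersky report or the original post), the following Python performs the check a mail gateway or SOC analyst would apply to such a download: it lists every Windows shortcut inside an archive and parses each shortcut's StringData to show what it would launch. The archive, the shortcut, its PowerShell target and the member name are constructed samples, not indicators from the campaign.

```python
import io
import struct
import zipfile

LNK_HEADER_SIZE = 0x4C
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80      # LinkFlags bits (MS-SHLLINK 2.1.1)
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))  # StringData order in the file
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "wscript", "cscript", "mshta", "rundll32")

def parse_lnk_strings(data: bytes) -> dict:
    """Return a shortcut's StringData: what it points at and the arguments it passes."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a shell link file")
    flags, pos = struct.unpack_from("<I", data, 0x14)[0], LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:        # skip LinkTargetIDList: 2-byte size, then the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:      # skip LinkInfo: 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    enc, width = ("utf-16-le", 2) if flags & IS_UNICODE else ("cp1252", 1)
    fields = {}
    for bit, name in STRING_FIELDS:
        if flags & bit:            # each present string: 2-byte char count, no terminator
            count = struct.unpack_from("<H", data, pos)[0]
            fields[name] = data[pos + 2:pos + 2 + count * width].decode(enc, "replace")
            pos += 2 + count * width
    return fields

def scan_zip(zip_bytes: bytes) -> list:
    """List every .lnk in an archive and flag those that launch a script host."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".lnk"):
                fields = parse_lnk_strings(zf.read(info))
                launch = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
                findings.append({"member": info.filename, "fields": fields,
                                 "suspicious": any(h in launch for h in SCRIPT_HOSTS)})
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample, not a real ForumTroll artifact: one .lnk that runs PowerShell."""
    lnk = struct.pack("<I16sI", LNK_HEADER_SIZE, bytes.fromhex("0114020000000000c000000000000046"),
                      0x08 | 0x20 | IS_UNICODE).ljust(LNK_HEADER_SIZE, b"\0")  # size, LinkCLSID, LinkFlags
    for s in ("..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "-NoProfile -File report.ps1"):
        lnk += struct.pack("<H", len(s)) + s.encode("utf-16-le")   # RELATIVE_PATH, then ARGUMENTS
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as zf:
        zf.writestr("Plagiarism_report.pdf.lnk", lnk)
    return buf.getvalue()
```

A real shortcut usually also carries a LinkTargetIDList and LinkInfo block, which the parser skips by their size fields before reading the strings.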
ForumTroll has been active since at least 2022, targeting both organizations and individuals in Russia and Belarus. The longevity of this threat group suggests they are here to stay and will continue to pose a significant risk.
And this is the part most people miss... While ForumTroll is in the spotlight, other threat clusters are also active. QuietCrabs, a suspected Chinese hacking group, and Thor, a ransomware-focused group, have been leveraging security flaws in various software to gain initial access and deploy their malicious payloads. These groups are a constant reminder of the diverse and ever-evolving threat landscape.
As we navigate this complex world of cybersecurity, it's crucial to stay informed and vigilant. The tactics employed by these threat actors are a stark reminder of the importance of robust security measures and user awareness.
What are your thoughts on these evolving phishing tactics? Do you think we're doing enough to protect ourselves and our institutions from such targeted attacks? Feel free to share your insights and opinions in the comments below!