Russian security researchers discovered sophisticated new malware used in an espionage campaign targeting media outlets and educational institutions in the country. The attacks, which exploited a zero-day vulnerability in Google Chrome, left the researchers at cybersecurity firm Kaspersky baffled. Without doing anything obviously malicious or forbidden, the hackers managed to bypass Google Chrome’s sandbox protection “as if it didn’t even exist,” they said. “We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers said in their analysis published Tuesday.
The suspected espionage campaign, dubbed “Operation ForumTroll,” was identified by Kaspersky in mid-March. The company discovered a wave of phishing emails impersonating organizers of a well-known Russian scientific and expert forum.
During the attack, hackers exploited a security flaw tracked as CVE-2025-2783 to break out of Chrome’s protective system, which is meant to keep web content separate from the rest of the computer. Kaspersky states the issue was caused by a “logical error” in how Chrome's security system interacts with the Windows operating system, allowing attackers to bypass key safety measures. The discovered exploit was likely used alongside another, still undetected vulnerability, enabling remote code execution, Kaspersky said.
The company confirmed that the flaw had been actively exploited but didn’t share more details to protect users while the update rolled out globally. As of now, the malicious links used in the attack no longer contain active exploits and instead redirect users to the legitimate scientific forum website. However, cybersecurity experts urge caution against clicking on suspicious emails, as attackers could rearm the campaign with new exploits.
Due to the complexity of the operation and the tools used, Kaspersky believes the attack was carried out by state-sponsored hackers, though they have not attributed it to a specific country.
Last June, Kaspersky discovered another espionage campaign, dubbed Operation Triangulation, that exploited two vulnerabilities in Apple devices. The campaign has been active since 2019 and attacks its targets by sending iMessages with malicious attachments. Apple has denied these claims, and Kaspersky has not attributed Operation Triangulation to any government or known hacking group.
Earlier in August, Kaspersky discovered a previously unseen spyware that targets Android users in Russia. Kaspersky said they were able to detect 10 spyware targets in Russia but declined to disclose who the victims were.
This Cyber News was published on therecord.media. Publication date: Thu, 27 Mar 2025 13:55:11 +0000