Hacking Team successor linked to malware marketing campaign, new ‘Dante’ industrial spyware and adware

Kaspersky researchers stated Monday that they’ve unearthed a malware marketing campaign they’re linking to the successor firm of the notorious Italy-based surveillance tech agency Hacking Team, and on the similar time found new industrial malware tied to the identical agency.

The malware marketing campaign that Kaspersky dubbed Operation ForumTroll focused authorities organizations, media retailers, monetary establishments, universities, analysis facilities and different organizations in Russia, with an obvious objective of conducting espionage. It recognized it as a sophisticated persistent menace marketing campaign, a time period usually utilized to nation-state attackers.

Hacking Team was lively from the early 2000s till 2019, when it was acquired and rebranded as Memento Labs. Kaspersky stated in a blog post Monday that it detected a wave of malware infections in March that it traced again to 2022 and tied to Memento Labs.

While analyzing that malware, researchers discovered a beforehand undiscovered industrial spyware and adware product Memento Labs developed often known as “Dante,” in keeping with Kaspersky.

Kaspersky stated the malware infections occurred when victims clicked on customized phishing hyperlinks by way of electronic mail. It was disguised as an invite from organizers of the scientific and skilled discussion board for Primakov Readings, a world summit on international politics and economics.

“No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough,” Kaspersky wrote. “The malicious links were personalized and extremely short-lived to avoid detection.”

The marketing campaign exploited a zero-day (or beforehand unknown and unpatched) vulnerability in Google Chrome. Google patched the vulnerability after it was alerted, Kaspersky stated.

Memento Labs didn’t instantly reply to emails or calls in search of remark Monday.

Despite the detection, the event may truly be a promising one for Memento Labs, which was said to be struggling shortly after transforming from Hacking Team, essentially the most distinguished spyware and adware maker in a nation that has grow to be a hotbed for the tech.

Russia-headquartered Kaspersky’s discoveries additionally marks the second time this month there was an intermingling of spyware and adware and Russian targets, following Zimperium’s revelations about ClayRat.

There was some overlap between the Operation ForumTroll malware marketing campaign and the Dante spyware and adware, however it wasn’t precise, Kaspersky wrote.

“Although we didn’t see the ForumTroll APT group using Dante in the Operation ForumTroll campaign, we have observed its use in other attacks linked to this group,” the weblog publish states. “Notably, we saw several minor similarities between this attack and others involving Dante, such as similar file system paths, the same persistence mechanism, data hidden in font files, and other minor details. Most importantly, we found similar code shared by the exploit, loader, and Dante.”