- Chrome zero-day exploited to target Russian institutions using Dante spyware
- Dante, linked to Memento Labs, enables sandbox escape and file theft
- Commercial spyware often sold to regimes targeting dissidents and journalists
A high-severity Google Chrome vulnerability was being abused as a zero-day, to target Russian media outlets, government organizations, educational and financial institutions, experts have said.
Cybersecurity researchers at Kaspersky Lab said the used a piece of commercial malware called Dante as part of what it called Operation ForumTroll in March 2025.
During the investigation, the team observed an 8.3/10 (high) “incorrect handle” vulnerability in the Chrome browser being leveraged, allowing remote attackers to perform a sandbox escape via a malicious file, stealing sensitive files from the underlying system.
Dante spyware
The malware being used in this attack was later identified as Dante – a piece of commercial spyware allegedly developed by a company called Memento Labs.
This company is the successor of Hacking Team, an Italian company that was acquired after suffering a cyberattack itself in 2015, when sensitive files were leaked to the public, revealing Hacking Team was selling its tools to authoritarian regimes and various government institutions.
The firm was acquired in 2019 by InTheCyberGroup, which used it as a foundation to establish Memento Labs, which in 2023, allegedly presented the Dante spyware at the ISS World Middle East and Africa conference.
Commercial spyware companies are not exactly a novelty, but they are generally frowned upon.
Many advertise their services as assistance against terrorism, cyber-espionage, and various underground activities, but in reality, many are selling their services to authoritarian regimes. These governments then use the malware to target political opponents, dissidents, journalists, foreign diplomats, and similar high-profile individuals.
Perhaps the best example is the Israeli NSO Group, which was blacklisted in the US back in 2021 for developing and supplying spyware that foreign governments used to “maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers,” which was deemed contrary to US national security and foreign-policy interests.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
The best antivirus for all budgets
