Connect with us

    Hi, what are you looking for?

    News

    Kaspersky Spot New HackingTeam Spyware in the Wild After Years of Silence

    Kaspersky

    Kaspersky Global Research and Analysis Team (GReAT) has uncovered evidence linking the HackingTeam successor, Memento Labs, to a new wave of cyberespionage attacks.

    The discovery stems from an investigation into Operation ForumTroll, an Advanced Persistent Threat (APT) campaign that exploited a zero-day vulnerability in Google Chrome. The research was presented at the Security Analyst Summit 2025, taking place in Thailand on October 26-29.

    In March 2025, Kaspersky GReAT brought to light Operation ForumTroll, a sophisticated cyberespionage campaign exploiting a Chrome zero-day vulnerability, CVE-2025-2783.

    The APT group behind the attack sent personalised phishing emails disguised as invitations to the Primakov Readings forum, targeting Russian media outlets, educational institutions, and government organisations.

    While investigating ForumTroll, researchers identified that the attackers used a spyware LeetAgent, which stood out due to its commands written in leetspeak, a rare feature in APT malware.

    Further analysis uncovered similarities between its toolset and a more advanced spyware that Kaspersky GReAT has observed in other attacks. After determining that, in some cases, the latter was launched by LeetAgent or that they shared a loader framework, researchers confirmed the connection between the two, as well as between the attacks.

    Although the other spyware employed advanced anti-analysis techniques, including VMProtect obfuscation, Kaspersky retrieved the malware’s name from the code and identified it as Dante.

    The researchers discovered that a commercial spyware with the same name was promoted by Memento Labs, the rebranded successor to HackingTeam. Additionally, the most recent samples of HackingTeam’s Remote Control System spyware, obtained by Kaspersky GReAT, share similarities with Dante.

    “While the existence of spyware vendors is well-known in the industry, their products remain elusive, particularly in targeted attacks where identification is exceptionally challenging.

    “Uncovering Dante origin demanded peeling back layers of heavily obfuscated code, tracing a handful of rare fingerprints across years of malware evolution, and correlating them with a corporate lineage.

    Maybe it is the reason they called it Dante, there is a hell of a journey for anyone who would try to find its roots”, said Boris Larin, principal security researcher at Kaspersky GReAT.

    The researchers traced the first use of LeetAgent back to 2022 and discovered additional attacks by ForumTroll APT targeting organisations and individuals in Russia and Belarus. The group stands out for its strong command of Russian and knowledge of local nuances, traits that Kaspersky observed in other campaigns linked to this APT threat. However, occasional errors suggest that the attackers were not native speakers.

    The attack leveraging LeetAgent was first detected by Kaspersky Next XDR Expert. The full details of this research, as well as future updates on ForumTroll APT and Dante, are available to customers of the APT reporting service through Kaspersky Threat Intelligence Portal.

    Loading

    Spread the love
    Frank
    Written By

    Franklin Ugo Ndibe is a seasoned Nigerian journalist and media professional renowned for his incisive reporting and editorial leadership in the information and communications technology (ICT) sector.

    Click to comment

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    ad

    You May Also Like

    News

    Central Bank of Nigeria (CBN) has reaffirmed that the standard N100 banknote remains legal tender across the country, warning that individuals, businesses and institutions...

    Entertainment

    Emeka Nwodike, Acting Director of the MUSON School of Music, conducted the institution’s graduating class in a grand finale performance, bringing the 2026 graduation...

    News

    Corporate Affairs Commission (CAC) says it will begin full enforcement of statutory requirements governing the contents of company business letters from Aug. 1, warning...

    Tech

    Nigerian Communications Commission (NCC) says it is intensifying efforts to implement Nigeria’s planned 112 national emergency number following its approval by the National Economic...