Full Report
The Dante spyware from Memento Labs — the successor to the notorious Italian company Hacking Team — was part of espionage operations against targets in Russia and Belarus, researchers at Kaspersky said.
Analysis Summary
# Italian-made spyware spotted in breaches of Russian, Belarusian systems
## Key Points
- Italian-made spyware developed by Memento Labs was used in attacks on organizations in Russia and Belarus.
- Researchers at Kaspersky identified the company's commercial spyware, known as Dante, in multiple attacks linked to a hacking group dubbed ForumTroll.
- The attackers likely used the spyware to gather intelligence on their targets.
- This is the first documented use of Dante in real-world cyberattacks since Memento Labs unveiled the spyware in 2023.
## Threat Actors
- **ForumTroll**: A hacking group with distinctive features, including proficiency in Russian and familiarity with local peculiarities.
- **Memento Labs**: An Italian company that developed the Dante spyware.
## TTPs
- **Phishing emails disguised as invitations to a well-known Russian scientific and expert forum**: Used by ForumTroll to target victims.
- **Exploiting a zero-day vulnerability in Google's Chrome browser**: Used by ForumTroll to deliver malicious links.
- **Dante spyware**: Commercial spyware developed by Memento Labs, used by ForumTroll in multiple attacks.
## Affected Systems
- **Russian and Belarusian organizations**: Targeted by ForumTroll using Dante spyware.
- **Google's Chrome browser**: Exploited through a zero-day vulnerability to deliver malicious links.
## Mitigations
- **Patch Google's Chrome browser**: To prevent exploitation of the zero-day vulnerability.
- **Implement robust security measures**: To protect against phishing emails and spyware attacks.
- **Monitor for suspicious activity**: To detect potential Dante infections.