Background
In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, the operation leveraged a Google Chrome 0-day vulnerability (CVE-2025-2783) as its core weapon. This vulnerability enabled a sandbox escape, allowing arbitrary code execution on victims’ Windows systems and granting full control over the targeted machines.
Operation ForumTroll demonstrated exceptional professionalism in constructing its attack chain. The campaign began with a precision spear-phishing operation. The attackers conducted in-depth research on their target demographic, meticulously forging an official conference invitation from “Primakov Readings”, a…