BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Operation ForumTroll Phishing Targets Russian Scholars with Spyware

Operation ForumTroll Revives Phishing Attacks on Russian Academics with Advanced Malware and Exploits

  • A threat actor linked to Operation ForumTroll initiated new phishing attacks on Russian academics in October 2025.
  • Attackers used a forged domain mimicking a scientific library and delivered Malware via personalized email campaigns.
  • The malware includes a PowerShell payload and the Tuoni command-and-control framework enabling remote access.
  • Other threat groups such as QuietCrabs and Thor exploited recent software vulnerabilities in Microsoft SharePoint and Ivanti products.

Operation ForumTroll, active since at least 2022, has resurfaced with targeted phishing attacks against individuals in Russia. In October 2025, the group focused on scholars specializing in political science, international relations, and economics at major universities and research centers. These efforts aim to gain access to sensitive information via personalized email campaigns.

- Advertisement -

The operation exploits a previously unknown vulnerability in Google Chrome (CVE-2025-2783) to deliver advanced malware. Attackers sent emails from a domain, “support@e-library[.]wiki,” registered six months prior to the campaign. This domain impersonated the Russian scientific electronic library “eLibrary,” Hosting a fake copy of the legitimate site to lend credibility.

Emails urged recipients to click a link to download a plagiarism report. Following the link triggered a one-time download of a ZIP archive named using the victim’s full name. This archive contained a Windows shortcut (LNK) file that executed a PowerShell script. The script downloaded a payload initiating further infection steps, including fetching a final-stage DLL and establishing persistence via COM hijacking. The victim also received a decoy PDF to mask the attack.

The final payload consisted of the Tuoni framework, a command-and-control (C2) and red teaming tool that grants remote control of infected Windows machines.

Additionally, Cybersecurity researchers have identified activity from two other threat clusters active in 2025. The group QuietCrabs, linked to Chinese Hackers UTA0178 and UNC5221, exploited security flaws in Microsoft SharePoint (CVE-2025-53770) and Ivanti products like Endpoint Manager Mobile (CVE-2025-4427, CVE-2025-4428), Connect Secure (CVE-2024-21887), and Sentry (CVE-2023-38035). Their methods include deploying ASPX web shells, JSP loaders, and implants such as Sliver.

- Advertisement -

The group Thor, first noted for targeting Russian companies in 2025, employed Ransomware families LockBit and Babuk. They also used tools like Tactical RMM and MeshAgent to maintain long-term access.

This renewed wave of cyberattacks highlights persistent threats to Russian academic and corporate sectors using advanced phishing and exploitation techniques.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Musk directs Tesla to adopt Grok 4.5 for lower token costs

Elon Musk directed Tesla staff to adopt xAI's Grok 4.5, citing lower token costs...

Bitcoin Surges to $65K Amid Multiple Bullish Catalysts

Bitcoin rallied above $64,600 on July 10, climbing more than 15% from its July...

Kraken adds AI goal-based investing tools to mobile app

Kraken is adding AI-powered financial tools to its mobile app, letting users set goals...

Senate Dems demand hearings on Trump’s $1.2B crypto income

Senate Democrats are calling for hearings into President Trump’s crypto holdings after disclosures showed...

Kraken Relaunches App with AI Agentic Trading Before IPO

Kraken is preparing to relaunch its app with agentic AI trading tools to help...

Must Read

5 Best Crypto Jobs Sites To Land Your Next Six Figure Job

The cryptocurrency and blockchain job market has exploded. With new blockchain start-ups and projects being founded at a blistering pace, the demand for workers...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading