- Chrome zero-day exploited to target Russian institutions using Dante spyware
- Dante, associated with Memento Labs, allows you to escape sandboxing and file theft
- Commercial spyware is often sold to regimes targeting dissidents and journalists
A very serious Google Chrome vulnerability was exploited as a zero-day to target Russian media, government organizations, educational and financial institutions, experts have said.
Cybersecurity researchers at Kaspersky Lab said they used a piece of commercial malware called Dante as part of what it called Operation ForumTroll in March 2025.
During the investigation, the team observed an 8.3/10 (high) “wrong handle” vulnerability in the Chrome browser that was exploited, which allowed remote attackers to perform a sandbox escape via a malicious file and steal sensitive files from the underlying system.
Dante spyware
The malware used in this attack was later identified as Dante – a piece of commercial spyware allegedly developed by a company called Memento Labs.
This company is the successor to Hacking Team, an Italian company that was acquired after itself suffering a cyberattack in 2015 when sensitive files were leaked to the public, revealing that Hacking Team was selling its tools to authoritarian regimes and various government institutions.
The firm was acquired in 2019 by InTheCyberGroup, who used it as a foundation to establish Memento Labs, which in 2023 reportedly presented the Dante spyware at the ISS World Middle East and Africa conference.
Commercial spyware companies are not exactly news, but they are generally frowned upon.
Many advertise their services as assistance against terrorism, cyberespionage and various underground activities, but in reality many sell their services to authoritarian regimes. These governments then use the malware to target political opponents, dissidents, journalists, foreign diplomats and similar high-profile individuals.
Perhaps the best example is the Israeli NSO group, which was blacklisted in the US back in 2021 for developing and supplying spyware that foreign governments used to “maliciously target government officials, journalists, business people, activists, academics, and embassy workers”, which was deemed contrary to US national security and foreign policy interests.
Via Bleeping Computer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
The best antivirus for all budgets
