Kaspersky warns of cyberattacks on Russian media employees

In March 2025, Kaspersky Lab reported targeted cyberattacks on media workers and organizations in Russia. These attacks targeted employees from the media, educational institutions, and government agencies. Kaspersky GReAT described the campaign as "Operation Forum Troll." Attackers sent fake invitations to a scientific forum called "Primakov Readings." When victims clicked on a personalized link in the message, their devices became infected with malware automatically. The malware exploited a vulnerability in Google Chrome, known as a zero-day exploit. This means that the malware could bypass Chrome's security features without requiring any action from the user. Kaspersky explained that the attack took advantage of a logic error between the Chrome sandbox and the Windows operating system. They noted that the attackers had a high level of technical expertise and suggested that a foreign state-sponsored group was behind the attacks. On March 25, 2025, Google released an update to fix the vulnerability used in these attacks. Kaspersky's experts recognized a wave of attempts to infect users with complex malware during this period.