Date: 2025-10-28

Chrome zero-day exploited to target Russian institutions using Dante spyware

Dante, linked to Memento Labs, enables sandbox escape and file theft

Commercial spyware often sold to regimes targeting dissidents and journalists

A high-severity Google Chrome vulnerability was being abused as a zero-day to target Russian media outlets, government organizations, and educational and financial institutions, experts have said.

Cybersecurity researchers at Kaspersky Lab said the attackers used a piece of commercial malware called Dante as part of what they called Operation ForumTroll in March 2025.

During the investigation, the team observed an 8.3/10 (high) “incorrect handle” vulnerability in the Chrome browser being leveraged, allowing remote attackers to perform a sandbox escape via a malicious file, stealing sensitive files from the underlying system.

Dante spyware

The malware being used in this attack was later identified as Dante - a piece of commercial spyware allegedly developed by a company called Memento Labs.

This company is the successor of Hacking Team, an Italian company that was acquired after suffering a cyberattack itself in 2015, when sensitive files were leaked to the public, revealing Hacking Team was selling its tools to authoritarian regimes and various government institutions.

The firm was acquired in 2019 by InTheCyberGroup, which used it as a foundation to establish Memento Labs. In 2023, Memento Labs allegedly presented the Dante spyware at the ISS World Middle East and Africa conference.

Commercial spyware companies are not exactly a novelty, but they are generally frowned upon.

Many advertise their services as assistance against terrorism, cyber-espionage, and various underground activities, but in reality, many are selling their services to authoritarian regimes. These governments then use the malware to target political opponents, dissidents, journalists, foreign diplomats, and similar high-profile individuals.

Perhaps the best example is the Israeli NSO Group, which was blacklisted in the US back in 2021 for developing and supplying spyware that foreign governments used to “maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers,” which was deemed contrary to US national security and foreign-policy interests.

