Experts from Kaspersky's Global Research and Analysis Team (GReAT) have recently identified two advanced campaigns that point to a clear evolution in global cybercrime.
One campaign, named Operation ForumTroll, is linked to the group Memento Labs, formerly known as Hacking Team. Attackers used highly personalized phishing, simulating credible invitations to a Russian academic forum, to infiltrate media outlets, financial institutions, and government bodies. During the investigation, experts identified a highly sophisticated spyware called LeetAgent. This program used an uncommon command language and was associated with another, even more advanced malware commercially developed by Memento Labs: Dante.
Leandro Cuozzo, a security analyst for Latin America at Kaspersky, commented that the operation has been active since at least 2022 and primarily targets organizations in Russia and Belarus, despite indications that the attackers are not native Russian speakers.
In parallel, Kaspersky detected new campaigns by the BlueNoroff group, which use artificial intelligence (AI)-powered tools to design attacks targeting executives, investors, and developers in the cryptocurrency and Web3 sectors. These operations have been dubbed GhostCall and GhostHire.
• GhostCall: Focuses mainly on macOS devices. Victims receive fake investment meeting invitations, and during the video call, they are asked to "update" their Zoom or Teams client, which leads to the unwitting installation of malware.
• GhostHire: Targets developers and professionals in the blockchain sector. Attackers pose as recruiters who send infected technical tests via GitHub.
Security experts warn that AI has become an ally of global cybercrime, allowing attackers to develop malware more quickly, create more convincing phishing sites, and thereby facilitate the theft of credentials, financial information, and corporate access with "surgical" precision.
Security Recommendations for Organizations:
• Verify the identity of any contact before opening files or links.
• Do not execute commands or download unverified files during video calls or online meetings.
• Implement strict multi-factor authentication and data encryption policies.
• Use advanced visibility, detection, and response solutions, such as Kaspersky Next.
• Complement your defense with managed services like Managed Detection and Response and Incident Response.