Italian Spyware Unveiled in Russian and Belarusian Cyberattacks: A New Chapter in Global Surveillance?
A shocking discovery has emerged from the world of cybersecurity: Italian-crafted spyware, developed by the infamous Memento Labs (formerly known as Hacking Team), has been implicated in cyberattacks targeting organizations in Russia and Belarus. But here's where it gets controversial: this isn't just any spyware—it's the sophisticated Dante tool, unveiled in 2023 during a secretive conference for law enforcement and intelligence agencies. Could this be a sign of escalating global surveillance tactics, or is there more to the story than meets the eye?
In a detailed report published Monday, researchers at Kaspersky revealed that Dante was identified in multiple attacks linked to the hacking group ForumTroll. While Kaspersky assured that there’s no evidence of active Dante infections among its customers, the origins of ForumTroll’s operations remain shrouded in mystery. Who commissioned these attacks? How much did the attackers pay for access to Dante? And was Memento Labs aware of its spyware being deployed in these campaigns? These questions linger, leaving room for speculation and debate.
The ForumTroll Connection: A Puzzle of Language and Expertise
ForumTroll, known for its proficiency in Russian and deep understanding of local nuances, has left a trail of clues that both intrigue and confuse. While their campaigns demonstrate a high level of expertise, occasional mistakes suggest the attackers might not be native Russian speakers. And this is the part most people miss: the group’s custom tool, LeetAgent, has been acting as a loader for the far more advanced Dante, with LeetAgent’s origins tracing back to at least 2022. Could this be a deliberate strategy to mask the true extent of their capabilities?
A Troubling History: Memento Labs and the Legacy of Hacking Team
Memento Labs, based in Milan, has a contentious past. Its predecessor, Hacking Team, was notorious for selling intrusion and surveillance tools to governments worldwide, including those with questionable human rights records. A 2014 report by Citizen Lab exposed that Hacking Team’s Remote Control Systems (RCS) spyware was used in at least 20 countries, including Saudi Arabia, Sudan, and Mexico. After a massive data leak in 2015, the company rebranded as Memento Labs, but its focus on marketing “intelligence solutions” to law enforcement and intelligence agencies remains unchanged. Is this a case of a reformed entity, or are old habits dying hard?
The March Espionage Campaign: A Closer Look
Kaspersky’s discovery of Dante was a byproduct of investigating a March 2023 espionage campaign by ForumTroll. The group targeted Russian media outlets, universities, research centers, government institutions, and financial organizations with phishing emails disguised as invitations to a prominent Russian scientific forum. The attackers exploited a zero-day vulnerability in Google’s Chrome browser, now identified as CVE-2025-2783, which Google has since patched. While Dante wasn’t used in this specific campaign, the investigation led Kaspersky to uncover its presence in other attacks.
The Bigger Picture: Global Surveillance and Ethical Concerns
This revelation raises critical questions about the ethics of spyware development and deployment. Should companies like Memento Labs be held accountable for how their tools are used? And what role should international regulations play in curbing the misuse of such powerful technologies? As the lines between national security and privacy continue to blur, one thing is clear: the world of cybersecurity is more complex and contentious than ever.
What’s Your Take?
Is the use of spyware like Dante a necessary evil in the fight against cybercrime, or does it pose a greater threat to individual freedoms? Share your thoughts in the comments below—we’d love to hear your perspective on this pressing issue. And don’t forget to explore more insights with the Recorded Future Intelligence Cloud to stay ahead in the ever-evolving landscape of cybersecurity.
