Researchers discovered Dante, a commercial spyware product, used in a Chrome zero-day attack targeting Russian media and government organizations in March 2025.
Vulnerability Details
The zero-day, rated 8.3/10, involved an "incorrect handle" vulnerability in Google Chrome. The flaw allowed attackers to escape the browser's sandbox and exfiltrate sensitive files from victims' systems.
- Attack vector: Exploited incorrect handle vulnerability.
- Date observed: March 2025.
- Targets: Russian media, government, educational, and financial sectors.
- Attribution: Allegedly developed by Memento Labs.
- Tools: Malicious file for sandbox escape.
Memento Labs and Its History
Dante was reportedly developed by Memento Labs, a company linked to the now-defunct Hacking Team, and has been sold as a counterterrorism tool. Investigators noted its potential misuse against political opponents, journalists, and activists.
Memento Labs, formed from assets of InTheCyberGroup in 2019, showcased Dante at ISS World Middle East and Africa in 2023.
Risks Highlighted
Kaspersky Lab's report highlights the severe risk of combining browser zero-day vulnerabilities with commercial spyware, emphasizing the potential for high-profile digital espionage.