Security Articles

A new campaign by the ForumTroll APT group

Released on 2025-12-17 @ 12:52:28 PM

The ForumTroll APT group has launched a new targeted phishing campaign against Russian political scientists, using plagiarism reports as bait. The attackers used sophisticated techniques, including a well-prepared domain and personalized emails, to deliver the Tuoni framework malware. This campaign follows the group's spring attacks, in which zero-day vulnerabilities were used against the targeted organizations. The fall campaign relied on social engineering instead: emails posing as a scientific library tricked victims into downloading malicious archives. The final payload was delivered through a PowerShell script and established persistence using COM hijacking. Although less technically sophisticated than the spring campaign, this operation demonstrates the group's continued focus on Russian and Belarusian targets.