Full Report
Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.
Analysis Summary
# Threat Actor: ForumTroll APT
## Attribution & Identity
- **Identification:** ForumTroll APT group.
- **Aliases/Associations:** None stated in the source. The only other party named is the discovering team, Kaspersky's GReAT, which is not an associated group.
## Activity Summary
- **Recent Campaigns:** ForumTroll APT has launched a new wave of cyberattacks.
- **Objective of Campaign:** Targeted delivery of the Tuoni framework to the devices of specific victims (Russian political scientists). The source does not state the initial access vector or the post-compromise objective.
## Tactics, Techniques & Procedures
- **Malware Delivery:** The group delivered the **Tuoni framework** to victims' devices.
- **MITRE ATT&CK IDs:** None explicitly mentioned in the provided text.
## Targeting
- **Sectors:** Political science / policy research.
- **Geography:** Russia (the source explicitly describes the targets as Russian).
- **Victims:** Russian political scientists.
## Tools & Infrastructure
- **Malware Families Used:** Tuoni framework.
- **Infrastructure (C2, domains, IPs):** None specified in the provided text.
## Implications
- The group is targeting politically sensitive personnel (political scientists), which is consistent with espionage, influence operations, or long-term intelligence gathering related to Russian domestic or foreign policy. This is an inference from the target profile; the source does not state the actor's objective, describe Tuoni's capabilities in this campaign, or characterise the operation's sophistication.
## Mitigations
- Organizations and individuals matching the targeting profile (political scientists, policy institutes, universities) should harden against targeted spearphishing and malware delivery. Because the source provides no indicators (hashes, domains, IPs, or ATT&CK mappings), detection content for Tuoni execution should be built from the indicators in Kaspersky's full report rather than from this summary.