Italian-made spyware spotted in breaches of Russian, Belarusian systems

Summary

Kaspersky researchers say they found signs that Dante, a commercial spyware package from Milan-based Memento Labs (formerly Hacking Team), was used in attacks against organisations in Russia and Belarus. The discovery followed an investigation into a series of ForumTroll intrusions; while Dante was found in some incidents, it was not present in the March campaign that initially drew Kaspersky’s attention.

The report notes that ForumTroll used phishing lures and exploited a Chrome zero-day (now CVE-2025-2783) in other operations. Kaspersky could not confirm who contracted or paid for Dante, whether Memento Labs knew of its deployment, or whether any of Kaspersky’s customers are actively infected. The finding is the first documented real-world use of Dante since Memento Labs unveiled it in 2023.

Key Points

  • Kaspersky identified Memento Labs’ Dante spyware linked to attacks on Russian and Belarusian targets.
  • The finding emerged while investigating ForumTroll campaigns that used phishing and a Chrome zero-day (CVE-2025-2783).
  • Dante was found alongside ForumTroll’s custom tool LeetAgent, which can act as a loader for the more capable Dante spyware.
  • Kaspersky found no evidence of active Dante infections among its customers and could not determine who commissioned the spyware’s use.
  • Memento Labs, the successor to the controversial Hacking Team, did not respond to requests for comment; the company markets intelligence solutions to law enforcement and agencies.
  • The case raises fresh questions about commercial spyware resale and use in geopolitical contexts, and recalls past human-rights concerns tied to Hacking Team’s RCS product.

Why should I read this?

Short version: this is the first real-world sighting of Dante and it matters. If you care about cyber‑espionage, digital rights, or defending networks in Eastern Europe, this is a neat heads-up — someone is using a commercially made, law‑enforcement‑market spyware in the wild, and attribution, payments and oversight are murky. We’ve skimmed the technical bits so you don’t have to.

Source

Source: https://therecord.media/memento-labs-formerly-hacking-team-dante-spyware-russia-kaspersky