ForumTroll Targets Political Scientists with Tuoni
📧 Kaspersky researchers have uncovered a targeted campaign by the ForumTroll APT that lures political scientists with personalized plagiarism-check links impersonating the eLibrary service. The downloaded archive contained a malicious .lnk and a .Thumbs directory with images used to evade security; filenames included each victim’s full name. When executed on Windows the .lnk ran a PowerShell chain that installed the commercial red-team framework Tuoni, used COM hijacking for persistence, and displayed a decoy PDF named for the target. Kaspersky reports detections and recommends endpoint and mail-gateway protections to stop similar email-delivered threats.
