Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
ID: 419835b4-bb2b-5f22-9197-deb93c5c3f67
STIX ID: report--419835b4-bb2b-5f22-9197-deb93c5c3f67
Feed Name: Securelist by Kaspersky
Operation ForumTroll is an ongoing APT campaign targeting organizations and individuals in Russia and Belarus. Its spring 2025 activity exploited CVE-2025-2783 to deploy rare implants (LeetAgent, Dante). An October 2025 phishing campaign used a fake e-library.wiki site and personalized archives to deliver a PowerShell downloader, which installed an OLLVM-obfuscated DLL loader and the Tuoni remote access framework; the campaign used COM hijacking for persistence and fastly.net subdomains for C2. Multiple indicators of compromise and TTPs are provided.
