Chrome Zero-Day Exploited by APT Group in Sophisticated Phishing Campaign

July 3, 2025

According to Cybersecurity News, a recent cyberattack campaign has brought renewed attention to the persistent threat posed by advanced persistent threat (APT) actors, who exploit zero-day vulnerabilities.

The TaxOff group has been linked to the active exploitation of a critical Google Chrome flaw (CVE-2025-2783), which allows attackers to bypass browser sandboxing protections and install malware with minimal user interaction.

This campaign exemplifies the increasing sophistication of threat actors who weaponize novel security vulnerabilities to gain remote access to high-value targets.

The vulnerability, rated 9.6 (Critical) on the CVSS scale, affects Chrome versions prior to 108.0.5359.125. It has been exploited in the wild since at least March 2025.

TaxOff’s attack method begins with deceptive phishing emails purporting to be invitations to prestigious events such as the Primakov Readings or international security conferences.

Upon clicking malicious links embedded in these emails, victims unknowingly trigger the exploit, which installs the Trinper backdoor without further interaction.

Campaign artifacts reveal connections to a 2024 campaign that utilized spoofed URLs and PowerShell command chains to deploy malware.

Technical analysis reveals that Trinper employs a complex multi-layer encryption scheme to evade detection, using ChaCha20 and customized BLAKE2b hashing algorithms.

The malware also verifies its environment through system checks, including firmware UUID validation and process path verification, ensuring payloads only execute on designated systems. Some variants also deliver Cobalt Strike beacons.

Attorneys advising in the cybersecurity, tech, or compliance sectors should note that this incident reinforces the importance of implementing timely patching protocols, providing employee training on phishing risks, and utilizing threat monitoring systems.

Counsel should also advise clients on implementing incident response plans that consider zero-day exploits and associated liabilities, especially when sensitive data or regulated systems are involved.
