AI vs Targeted Phishing: Lessons From ForumTroll

AI in Cybersecurity • By 3L3C

ForumTroll shows how targeted phishing uses aged domains, one-time links, and PowerShell. See how AI-driven detection stops it earlier.

Tags: phishing, spear phishing, threat detection, security operations, endpoint security, AI security

A single phishing email can be “perfect” and still be detectable. That’s the real lesson in the latest ForumTroll campaign: attackers don’t need noisy malware or mass spam anymore—they just need one believable message, one well-aged domain, and one click on a Windows machine.

Kaspersky’s reporting on the new ForumTroll wave shows a playbook that many security teams still underestimate: highly personalized lures, domain aging, one-time links, and a fileless-ish execution chain (LNK → PowerShell → DLL) that’s built to slip past controls that rely on static indicators.

This post is part of our AI in Cybersecurity series, and I’m going to be opinionated here: targeted phishing isn’t primarily an email security problem anymore. It’s an end-to-end detection problem. AI-powered cybersecurity earns its keep when it correlates weak signals across email, identity, endpoint, and network—fast.

What ForumTroll gets right (and why it works)

ForumTroll succeeds because it attacks the assumptions baked into many enterprise defenses: “new domains are suspicious,” “bad links stay bad,” “attachments are the main risk,” and “phishing looks generic.” This campaign flips those assumptions.

Kaspersky observed activity starting in October 2025, shifting from the organization-focused attacks seen earlier in the year to individual scholars in political science, international relations, and global economics at major Russian institutions. Targeting individuals changes the defensive math: fewer emails, more personalization, and a higher chance the recipient is busy and curious.

Tactic 1: Domain aging + pixel-perfect trust cues

The emails impersonate eLibrary (a Russian scientific e-library) and come from support@e-library[.]wiki. The domain was registered months earlier, then used later—classic strategic domain aging.

They also hosted a copy of the legitimate eLibrary homepage on the fake domain. That matters because many users do a quick “sanity check” by clicking around a landing page. If it looks right, they proceed.

Why this defeats basic filters: rules that weigh “domain age” or “newly registered” signals can be bypassed. Brand impersonation is less about typos now and more about full-fidelity cloning.

Tactic 2: One-time links and OS-aware delivery

ForumTroll’s links are designed for one-time use. After a click, a second attempt returns a generic “download failed” message. If the victim tries from macOS/Linux, they’re told to try again on Windows.

That’s not just trickery—it’s operational security. One-time links reduce the chance that defenders, sandboxes, or curious colleagues can re-open the same URL and reproduce the download.

Defender takeaway: if your investigation and detonation workflows depend on re-clicking a link, you’ll lose visibility in campaigns like this.

Tactic 3: Personalized ZIPs that feel “administrative”

Victims are told to download a plagiarism report, delivered as a ZIP named like:

  • <LastName>_<FirstName>_<Patronymic>.zip

That kind of detail is disarming. It signals the sender “knows” you, and it makes the file feel like a university workflow artifact rather than malware.

This is where AI-based phishing detection should shine: personalization isn’t a reason to trust a message; it’s often a reason to distrust it.

The execution chain: why “just block macros” doesn’t help

The payload delivery is modern and frustrating:

  1. Victim downloads a ZIP
  2. ZIP contains a Windows shortcut (LNK)
  3. LNK executes PowerShell
  4. PowerShell downloads and runs a PowerShell-based loader
  5. Loader fetches a final-stage DLL, persists via COM hijacking
  6. A decoy PDF is shown to reduce suspicion
  7. Final payload is Tuoni, a C2/red teaming framework enabling remote access

This chain avoids the older enterprise comfort blankets:

  • No Office macros required
  • No obvious executable attachment
  • PowerShell activity can blend into legitimate admin scripting
  • The decoy PDF buys attackers time

If your endpoint strategy is mostly “block known bad hashes” and “train users not to click,” this is exactly the kind of intrusion you’ll miss.

Where AI-powered cybersecurity actually changes the outcome

AI isn’t magic, and I’m not interested in hand-wavy promises. But ForumTroll is a clean example of a scenario where machine learning for anomaly detection and cross-domain correlation beats siloed controls.

Here’s the practical map: what AI can detect at each stage, even when indicators are weak.

Email layer: detecting intent, not just indicators

A good AI model can score phishing risk from message intent and context:

  • Brand impersonation signals (visual similarity, structural similarity)
  • Unusual sender/recipient relationship patterns
  • “Administrative pressure” themes (plagiarism, compliance, account action)
  • Target-specific personalization that doesn’t match known workflows

The win isn’t perfect classification. The win is smart routing: high-risk messages get extra friction (safe links, attachment detonation, warning banners, or quarantine).
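Here is what "intent plus context" scoring with smart routing looks like in code. This is an added example written for this post, not code from Kaspersky, 3L3C, or any email security product; the brand list, the relationship graph, the theme patterns, the weights and thresholds, and the three sample messages are all constructed assumptions. It combines the four signals above (lookalike brand domain, first contact between sender and recipient, administrative-pressure theme, personalization from an unknown sender) into a score and routes the message to deliver, warn, or quarantine.

```python
"""Intent-and-context phishing scorer with routing tiers.

Added example; not code from the post, Kaspersky or any product. Brands, pairs,
patterns, weights, thresholds and sample messages are constructed assumptions.
"""
import re
from typing import Optional

# Constructed: brands to protect, mapped to the domains that genuinely belong to them.
PROTECTED_BRANDS = {"elibrary": {"elibrary.ru"}}

# Constructed relationship graph: (sender, recipient) pairs that have corresponded before.
KNOWN_PAIRS = {("editor@journal.example", "ivanov@univ.example")}

# Administrative-pressure themes seen in academic / corporate lures.
PRESSURE_THEMES = re.compile(
    r"plagiarism|compliance|account (?:suspended|locked|action)|immediate action", re.I)

# Routing thresholds (constructed).
QUARANTINE_AT, WARN_AT = 60, 30


def normalize(label: str) -> str:
    """Collapse punctuation and digits so 'e-library' compares against 'elibrary'."""
    return re.sub(r"[^a-z]", "", label.lower())


def brand_lookalike(sender_domain: str) -> Optional[str]:
    """Return the brand a sender domain imitates, or None if it is the real brand domain."""
    labels = sender_domain.lower().split(".")
    registrable = ".".join(labels[-2:])
    lookalike_part = normalize("".join(labels[:-1]))   # everything left of the TLD
    for brand, real_domains in PROTECTED_BRANDS.items():
        if registrable in real_domains:
            return None
        if brand in lookalike_part:
            return brand
    return None


def score_message(msg: dict) -> dict:
    """Score one message and decide its route. msg keys: from, to, subject, body, recipient_names."""
    score, reasons = 0, []
    sender_domain = msg["from"].split("@", 1)[1]
    text = f"{msg['subject']} {msg['body']}"

    brand = brand_lookalike(sender_domain)
    if brand:
        score += 40
        reasons.append(f"sender domain {sender_domain} imitates {brand}")

    first_contact = (msg["from"], msg["to"]) not in KNOWN_PAIRS
    if first_contact:
        score += 15
        reasons.append("first contact between sender and recipient")

    if PRESSURE_THEMES.search(text):
        score += 20
        reasons.append("administrative-pressure theme")

    # Personalization only counts against the message when it comes from an unknown sender:
    # a stranger who addresses you by full name is a signal, not a reason to trust.
    names = msg.get("recipient_names", ())
    if first_contact and names and all(
            re.search(rf"\b{re.escape(n)}\b", text, re.I) for n in names):
        score += 20
        reasons.append("full-name personalization from an unknown sender")

    route = ("quarantine" if score >= QUARANTINE_AT
             else "warn" if score >= WARN_AT else "deliver")
    return {"score": score, "route": route, "reasons": reasons}


# Constructed sample messages (the first mirrors the lure shape described in the post).
FORUMTROLL_LIKE = {
    "from": "support@e-library.wiki", "to": "ivanov@univ.example",
    "subject": "Plagiarism report for your article",
    "body": "Dear Ivanov Ivan Ivanovich, download your plagiarism report Ivanov_Ivan_Ivanovich.zip",
    "recipient_names": ("Ivanov", "Ivan"),
}
BENIGN = {
    "from": "editor@journal.example", "to": "ivanov@univ.example",
    "subject": "Proofs for your article", "body": "Please check the attached proofs.",
    "recipient_names": ("Ivanov", "Ivan"),
}
PARTNER_FIRST_CONTACT = {
    "from": "hr@univ-partner.example", "to": "ivanov@univ.example",
    "subject": "Compliance training reminder", "body": "Dear colleague, please complete the module.",
    "recipient_names": ("Ivanov", "Ivan"),
}

if __name__ == "__main__":
    for m in (FORUMTROLL_LIKE, BENIGN, PARTNER_FIRST_CONTACT):
        print(m["from"], score_message(m))
```

The point is the routing, not the exact numbers: a lookalike domain alone lands in "warn", and only the combination of signals that ForumTroll actually uses pushes a message into quarantine.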

Web layer: catching one-time links with behavioral fingerprints

One-time URLs are harder to analyze after the fact, but they often share behavioral traits:

  • Redirect patterns and conditional content
  • OS/agent fingerprinting
  • Short-lived tokens or single-use download endpoints

AI-based web security can flag pages that behave like “gated droppers,” especially when combined with telemetry like: “this user never downloads ZIPs from new external domains.”

Endpoint layer: spotting suspicious script chains

ForumTroll’s reliance on LNK + PowerShell is a gift—if your endpoint stack watches behavior, not just files.

High-signal behaviors to model:

  • explorer.exe launching a .lnk that spawns powershell.exe
  • PowerShell with suspicious flags (hidden window, encoded commands)
  • Network calls from PowerShell to rare external hosts
  • DLL writes into unusual directories
  • COM hijacking persistence attempts

AI can triage these into fewer, higher-confidence alerts by learning what “normal PowerShell” looks like in your environment.
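To make the five behaviors above concrete, here is a small rule set that runs over Sysmon-style process, network, file and registry events. It is an added example written for this post, not code from the post or from any EDR product; the event schema, the known-host baseline, the directory patterns, the placeholder CLSID and both sample event lists are constructed assumptions. Each rule maps to one bullet above, and the benign admin-script events show what should not fire.

```python
"""Behavioural rules for the LNK -> PowerShell -> DLL -> COM-hijack chain.

Added example; not code from the post or any EDR. Event schema, baselines,
patterns and sample events are constructed assumptions.
"""
import re

# Constructed baseline: hosts PowerShell legitimately contacts in this environment.
KNOWN_POWERSHELL_HOSTS = {"updates.corp.example", "psgallery.corp.example"}

# Hidden window, encoded command, or execution-policy bypass on the command line.
FLAGS = re.compile(
    r"-(?:w|windowstyle)\s+hidden|-(?:enc|encodedcommand)\b|-(?:ep|executionpolicy)\s+bypass", re.I)
# Working directory typical of a user double-clicking something they just downloaded/extracted.
USER_LAUNCH_DIRS = re.compile(r"\\(?:Downloads|Temp|Desktop)\\", re.I)
# DLL written somewhere a legitimately installed component rarely lives.
ODD_DLL_DIRS = re.compile(
    r"\\(?:AppData\\(?:Roaming|Local\\Temp)|ProgramData|Users\\Public)\\.*\.dll$", re.I)
# Per-user COM server registration: the classic COM hijacking persistence location.
COM_HIJACK = re.compile(r"^HKCU\\Software\\Classes\\CLSID\\\{[0-9A-F-]{36}\}\\InprocServer32", re.I)


def is_powershell(image: str) -> bool:
    return image.lower().endswith(("\\powershell.exe", "\\pwsh.exe"))


def evaluate(event: dict) -> list:
    """Return one alert per rule that fires for a single event."""
    hits = []
    kind = event["type"]
    if kind == "process" and is_powershell(event["image"]):
        if event["parent"].lower().endswith("\\explorer.exe") and \
                USER_LAUNCH_DIRS.search(event["cwd"] + "\\"):
            hits.append("lnk_launch")          # explorer -> shortcut -> powershell
        if FLAGS.search(event["cmdline"]):
            hits.append("suspicious_flags")
    elif kind == "network" and is_powershell(event["image"]) \
            and event["dest_host"] not in KNOWN_POWERSHELL_HOSTS:
        hits.append("rare_outbound")
    elif kind == "file" and ODD_DLL_DIRS.search(event["target"]):
        hits.append("dll_drop")
    elif kind == "registry" and COM_HIJACK.match(event["key"]):
        hits.append("com_hijack")
    return [{"rule": r, "host": event["host"], "ts": event["ts"]} for r in hits]


def run(events: list) -> list:
    alerts = []
    for ev in events:
        alerts.extend(evaluate(ev))
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
H = "WS-ECON-07"

# Constructed chain as the post describes it (the EncodedCommand value is a placeholder).
SAMPLE_CHAIN_EVENTS = [
    {"type": "process", "host": H, "ts": "2025-10-14T09:11:35", "image": PS,
     "parent": r"C:\Windows\explorer.exe", "cwd": r"C:\Users\ivanov\Downloads",
     "cmdline": "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand PLACEHOLDER"},
    {"type": "network", "host": H, "ts": "2025-10-14T09:11:40", "image": PS,
     "dest_host": "e-library.wiki"},
    {"type": "file", "host": H, "ts": "2025-10-14T09:12:10",
     "target": r"C:\Users\ivanov\AppData\Roaming\Microsoft\stage2.dll"},
    {"type": "registry", "host": H, "ts": "2025-10-14T09:12:12",
     "key": r"HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32"},
]

# Constructed benign admin automation: scheduled script, known host, no user directories.
BENIGN_ADMIN_EVENTS = [
    {"type": "process", "host": "ADM-JUMP-01", "ts": "2025-10-14T09:30:00", "image": PS,
     "parent": r"C:\Windows\System32\svchost.exe", "cwd": r"C:\Windows\System32",
     "cmdline": r"powershell.exe -File C:\Scripts\patch.ps1"},
    {"type": "network", "host": "ADM-JUMP-01", "ts": "2025-10-14T09:30:05", "image": PS,
     "dest_host": "updates.corp.example"},
]

if __name__ == "__main__":
    for a in run(SAMPLE_CHAIN_EVENTS):
        print(a)
```

Rules like these are deliberately narrow; their value comes from firing together on one host within minutes, which is exactly what the correlation step later in this post is for.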

Identity layer: detecting compromised accounts early

Even when the initial goal is device access, attackers often pivot to identity. A strong AI-driven SOC approach correlates:

  • New device + new IP + new sign-in pattern
  • Token anomalies (impossible travel, unfamiliar user agent, unusual OAuth consent)
  • Lateral movement indicators post-compromise

This is where modern phishing defense should land: treat targeted phishing as an identity and endpoint problem, not just an email problem.

A practical playbook: how to defend against campaigns like ForumTroll

If you’re responsible for security operations, you want actions that hold up under pressure—especially in late December when staffing is thin and attackers know it.

1) Add friction to “rare external downloads”

Make it harder for users to execute the first-stage artifact.

  • Block or warn on ZIP downloads from newly observed domains (not only newly registered)
  • Restrict LNK execution from user download locations where feasible
  • Apply application control policies for script interpreters (PowerShell, wscript)

The goal: turn a single click into an event your tools can reliably observe.
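The "newly observed, not only newly registered" distinction from the first bullet (and the "this user never downloads ZIPs from new external domains" telemetry mentioned in the web-layer section) can be implemented with nothing more than a first-seen table over proxy logs. The following is an added example written for this post, not code from the post or from any proxy vendor; the log format, the seven-day window, the portal allowlist and the sample lines (including the constructed URL paths) are assumptions. The key property is that e-library.wiki is flagged because the organization first saw it 90 seconds before the ZIP download, regardless of how long ago the domain was registered.

```python
"""Flag archive downloads from domains the organisation has only just started seeing.

Added example; not code from the post or any proxy product. Log format, window,
allowlist and sample lines are constructed assumptions.
"""
from datetime import datetime, timedelta
from urllib.parse import urlparse

NEWLY_OBSERVED = timedelta(days=7)            # constructed policy window
KNOWN_PORTALS = {"portal.univ.example"}        # constructed: sanctioned download portals
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}

# Constructed proxy log: timestamp user method url status content-type
SAMPLE_PROXY_LOG = """\
2025-09-02T10:00:00 petrov GET https://elibrary.ru/item.asp?id=1 200 text/html
2025-10-14T09:10:00 ivanov GET https://e-library.wiki/ 200 text/html
2025-10-14T09:11:30 ivanov GET https://e-library.wiki/report/download?token=constructed 200 application/zip
2025-10-15T11:00:00 sidorov GET https://elibrary.ru/download/12.zip 200 application/zip
2025-10-20T08:00:00 petrov GET https://portal.univ.example/export/dataset.zip 200 application/zip
"""


def parse_line(line: str) -> dict:
    ts, user, method, url, status, ctype = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "method": method,
            "url": url, "status": int(status), "ctype": ctype}


def check_downloads(log_text: str) -> list:
    """Return an alert for every archive download from a domain first seen < NEWLY_OBSERVED ago."""
    first_seen = {}                                  # domain -> first request timestamp
    alerts = []
    records = sorted((parse_line(l) for l in log_text.strip().splitlines()),
                     key=lambda r: r["ts"])
    for r in records:
        parsed = urlparse(r["url"])
        domain = parsed.hostname
        first_seen.setdefault(domain, r["ts"])       # first contact counts, even a plain page view
        is_archive = r["ctype"] in ARCHIVE_TYPES or parsed.path.lower().endswith(".zip")
        if not is_archive or domain in KNOWN_PORTALS:
            continue
        age = r["ts"] - first_seen[domain]
        if age < NEWLY_OBSERVED:
            alerts.append({"user": r["user"], "domain": domain, "url": r["url"],
                           "age_seconds": int(age.total_seconds()),
                           "action": "block-or-warn"})
    return alerts


if __name__ == "__main__":
    for a in check_downloads(SAMPLE_PROXY_LOG):
        print(a)
```

In production the first-seen table would be fed continuously and persisted; the window and the allowlist are the two knobs that decide how much friction users feel.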

2) Treat PowerShell as a monitored production system

PowerShell isn’t going away. So instrument it.

  • Enable Script Block Logging and Module Logging where appropriate
  • Alert on PowerShell making external network connections
  • Baseline normal admin scripts and flag deviations

If you do one thing this quarter, do this: separate “IT automation PowerShell” from “user-launched PowerShell.” User-launched script execution is where infections live.

3) Use AI-driven anomaly detection to reduce alert fatigue

Many teams already collect the right telemetry; they just drown in it.

AI helps by:

  • Prioritizing rare sequences (LNK → PowerShell → outbound download → persistence)
  • Grouping related alerts into one incident
  • Assigning risk scores based on user role, asset criticality, and historical behavior

A single high-fidelity incident beats 30 low-context alerts.
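The three bullets above (rare sequences, grouping, context-weighted risk) are one function away from each other. This added example, written for this post and not taken from the post or any SIEM, turns per-event alerts into one incident per host and time window, orders the stages, multiplies by how rare that stage sequence is in a baseline, and weights by user role and asset class. The stage mapping, the 30-minute window, the baseline counts, the role and asset weights and the sample alerts are constructed assumptions.

```python
"""Correlate per-event alerts into incidents and score them by rarity and context.

Added example; not code from the post or any SIEM. Stage map, window, baseline,
weights and sample alerts are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Alert rule -> kill-chain stage (rule names follow the endpoint example in this post).
STAGE_OF = {"lnk_launch": "execution", "suspicious_flags": "execution",
            "rare_outbound": "download", "dll_drop": "payload", "com_hijack": "persistence"}
ROLE_WEIGHT = {"researcher": 1.0, "admin": 1.5, "executive": 1.5}      # constructed
ASSET_WEIGHT = {"workstation": 1.0, "server": 1.6, "jump-host": 2.0}  # constructed
# Constructed 30-day baseline: how often each stage sequence occurred org-wide.
BASELINE_SEQUENCE_COUNT = {("execution",): 120, ("execution", "download"): 6}
WINDOW = timedelta(minutes=30)


def group_alerts(alerts: list) -> list:
    """Split alerts into groups: same host, consecutive alerts no more than WINDOW apart."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_host[a["host"]].append(a)
    groups = []
    for items in by_host.values():
        current = [items[0]]
        for a in items[1:]:
            if a["ts"] - current[-1]["ts"] <= WINDOW:
                current.append(a)
            else:
                groups.append(current)
                current = [a]
        groups.append(current)
    return groups


def stage_sequence(group: list) -> tuple:
    """Distinct stages in the order they were first observed."""
    seq = []
    for a in group:
        stage = STAGE_OF[a["rule"]]
        if stage not in seq:
            seq.append(stage)
    return tuple(seq)


def rarity_multiplier(seq: tuple) -> float:
    count = BASELINE_SEQUENCE_COUNT.get(seq, 0)
    return 3.0 if count == 0 else 2.0 if count < 10 else 1.0


def score_incident(group: list, role: str, asset: str) -> float:
    seq = stage_sequence(group)
    base = 10 * len(seq) + (20 if "persistence" in seq else 0)
    return base * rarity_multiplier(seq) * ROLE_WEIGHT[role] * ASSET_WEIGHT[asset]


def triage(alerts: list, host_context: dict) -> list:
    """One incident per group, highest risk first. host_context: host -> (role, asset)."""
    incidents = []
    for group in group_alerts(alerts):
        host = group[0]["host"]
        role, asset = host_context[host]
        incidents.append({"host": host, "start": group[0]["ts"].isoformat(),
                          "stages": stage_sequence(group), "alert_count": len(group),
                          "score": score_incident(group, role, asset)})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


def _t(hhmmss: str) -> datetime:
    return datetime(2025, 10, 14, *map(int, hhmmss.split(":")))


# Constructed alerts: a full chain on a researcher workstation, plus two isolated
# encoded-command alerts from admin automation on a jump host, hours apart.
SAMPLE_ALERTS = [
    {"rule": "lnk_launch", "host": "WS-ECON-07", "ts": _t("09:11:35")},
    {"rule": "suspicious_flags", "host": "WS-ECON-07", "ts": _t("09:11:35")},
    {"rule": "rare_outbound", "host": "WS-ECON-07", "ts": _t("09:11:40")},
    {"rule": "dll_drop", "host": "WS-ECON-07", "ts": _t("09:12:10")},
    {"rule": "com_hijack", "host": "WS-ECON-07", "ts": _t("09:12:12")},
    {"rule": "suspicious_flags", "host": "ADM-JUMP-01", "ts": _t("09:30:00")},
    {"rule": "suspicious_flags", "host": "ADM-JUMP-01", "ts": _t("13:00:00")},
]
HOST_CONTEXT = {"WS-ECON-07": ("researcher", "workstation"),
                "ADM-JUMP-01": ("admin", "jump-host")}

if __name__ == "__main__":
    for inc in triage(SAMPLE_ALERTS, HOST_CONTEXT):
        print(inc)
```

Seven alerts become three incidents, and only one of them scores high: the full chain on the researcher's workstation outranks the admin's jump host even though the jump host carries a heavier asset weight, because a single common stage on a critical asset is still a common thing.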

4) Harden the “human workflow” without blaming users

Security awareness training often fails because it’s abstract. Make it operational.

Give people a simple internal rule for academic/administrative lures:

  • If it demands a download, it goes through a known portal—not an email link.
  • If it’s personalized and urgent, verify via a second channel.
  • If it’s a ZIP containing a shortcut, don’t open it.

That last point sounds basic, but it’s effective: most non-technical users don’t realize a shortcut can run code.

5) Prepare for one-time link investigations

Because one-time links break common IR workflows, adjust your playbooks:

  • Capture the URL, headers, and full email body immediately
  • Pull endpoint/network telemetry rather than relying on re-detonation
  • Maintain rapid sandboxing for the downloaded artifact (ZIP/LNK), not just the link

Speed matters. With single-use URLs, delay is a visibility killer.

“People also ask” quick answers

Can AI detect spear-phishing that’s highly personalized?

Yes—when AI models incorporate context (sender reputation patterns, relationship graphs, writing style anomalies, and workflow mismatch), personalization becomes a signal, not camouflage.

Why do attackers use LNK files instead of EXE attachments?

Because shortcuts look harmless, often bypass attachment policies, and can launch script-based loaders that avoid traditional signature detection.

What’s the biggest gap enterprises have against targeted phishing?

Siloed tooling. The attacks cross email, web, endpoint, and identity. Defenses that don’t correlate across those layers respond too late.

What ForumTroll should change in your 2026 security roadmap

ForumTroll is a reminder that phishing is now a precision operation. Attackers plan domains months in advance, personalize artifacts, and use one-time links to frustrate analysis. If you’re still judging risk primarily on “does this look like mass phishing,” you’re operating a few years behind reality.

If you’re building an AI in Cybersecurity program for 2026, aim it at the highest-value problem: detecting and stopping targeted phishing before it becomes remote access. That means AI-assisted triage, anomaly detection across layers, and automated containment that doesn’t wait for a human to connect the dots.

If you had to pick one question to pressure-test your current stack, it’s this: When a single user clicks a believable link and launches a shortcut, do you get a single clear incident—or a pile of disconnected logs?