The RomCom hacking group has struck again, exploiting zero-day vulnerabilities in Firefox and Windows, leaving authorities and users on high alert.
At a Glance
- RomCom exploited vulnerabilities in Firefox and Windows.
- The group’s actions were linked to Russian government interests.
- Patches by Mozilla and Microsoft were already issued.
- Cybersecurity defenses need immediate reinforcement.
RomCom’s Stealthy Tactics
RomCom hackers have utilized zero-day vulnerabilities to conduct cyber-attacks with unusually high sophistication. Exploiting two flaws, one in Firefox’s animation timeline and another in Windows Task Scheduler, RomCom managed to execute remote code without user interaction. These vulnerabilities, since identified as CVE-2024-9680 and CVE-2024-49039, have been patched by their respective developers following swift action initiated by cybersecurity firm ESET.
The scale and reach of the attack were global, emphasizing the group’s persistent threat. The vulnerability chain exploited by RomCom not only allowed command execution on victim machines, but facilitated deeper, undetected incursions, making urgent updates essential.
RomCom’s Growing Threat
ESET highlights the dangers posed by RomCom, noting their history of targeting entities supporting Ukraine. This particular campaign took advantage of a sophisticated zero-click exploit method enabled through the vulnerabilities. The group’s strategy involved fake websites that redirected victims to compromised servers hosting harmful scripts, culminating in unauthorized shellcode execution.
“Chaining together two zero-day vulnerabilities armed RomCom with an exploit that requires no user interaction. This level of sophistication shows the threat actor’s will and means to obtain or develop stealthy capabilities,” ESET says.
The wide geographic distribution of attacks underscores the global nature of RomCom’s operations. Their activities are thought to be financially supported, likely due to the group’s extortion, ransomware, and credential theft practices.
A Russia-aligned hacker group has used zero-day flaws in Firefox and Windows to deliver the RomCom backdoor malware.
The attack requires no user interaction—just visiting a compromised site is enough to trigger the exploit.
Read this article: https://t.co/CZRz7QmBaw#infosec
— The Hacker News (@TheHackersNews) November 26, 2024
Action and Response
Following ESET’s disclosure, Mozilla promptly patched the Firefox vulnerability on October 9, 2024, while Microsoft acted on November 12, 2024, to address the Windows flaw. ESET’s insights reveal the depth of RomCom’s capabilities and their recurrent exploitation of zero-day flaws, emphasizing the paramount importance of robust digital defenses.
As software updates unfold, users globally are strongly advised to update their systems to mitigate exposure. The situation further exemplifies the increasingly sophisticated tactics in cybercrime, urging nations and organizations worldwide to bolster their cybersecurity strategies.
