In a brazen cyber assault, RomCom hackers have exploited zero-day vulnerabilities in Firefox and Windows, with widespread implications for users across Europe and North America.
At a Glance
- RomCom hackers exploited vulnerabilities in Firefox and Windows.
- Attacks targeted supporters of Ukraine in Europe and North America.
- ESET discovered the vulnerabilities, leading to speedy patches.
- Security firms urge immediate updates to mitigate risk.
Exploiting Zero-Day Vulnerabilities
The cybercriminal group RomCom, which has links to Russian state interests, exploited zero-day vulnerabilities in Firefox and Windows. The campaign was aimed at individuals supportive of Ukraine. According to available information, the first vulnerability (CVE-2024-9680) was a use-after-free bug in Firefox’s animation timeline, while the second (CVE-2024-49039) was a privilege-escalation flaw in the Windows Task Scheduler.
The attack relied on zero-click exploitation: the victim needed only to load a malicious page, with no further interaction. RomCom chained the two vulnerabilities to achieve remote code execution, allowing the group to run commands and deploy additional malware on victims’ devices. Cybersecurity company ESET’s researchers, including Damien Schaeffer, noted, “The number of potential targets runs from a single victim per country to as many as 250, according to ESET telemetry.”
Coordinated Attack Strategy
The RomCom hackers orchestrated their campaign by setting up fake websites. These sites redirected unsuspecting users to servers hosting malicious exploits, resulting in the execution of the RomCom backdoor. “The compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit, and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor,” explained ESET researcher Damien Schaeffer.
By targeting Firefox and the Firefox-based Tor Browser (particularly versions 12 and 13), the attackers were able to reach a broad set of victims. This level of sophistication and planning demonstrates the group’s capability and intent to carry out stealthy attacks, and underscores the continuing threat posed by state-backed cybercrime and the need for vigilant security practices.
Security Patches and Responses
Following the discovery of these vulnerabilities, ESET promptly informed Mozilla and Microsoft, and both vendors released security patches. Mozilla patched Firefox on October 9, whereas Microsoft addressed the Windows issue on November 12. Mozilla responded rapidly, while Microsoft took over a month to ship its fix, illustrating how response times vary among major vendors.