Security researchers have discovered two previously unknown zero-day vulnerabilities. These vulnerabilities are being actively exploited by Russia-linked hacking group RomCom, targeting Firefox browser users and Windows device owners in Europe and North America.
RomCom is a cybercrime group known for carrying out cyberattacks and other digital intrusions on behalf of the Russian government. The group was linked to a ransomware attack targeting Japanese technology giant Casio last month, but is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014. There is.
Researchers at security firm ESET found that in order for rom-coms to produce “zero clicks,” software makers did not have time to publish fixes before they were exploited by people to hack them, so two It said it had found evidence of a combination of zero-day bugs. This allows a hacker to remotely plant malware on a target computer without user interaction.
“This level of sophistication demonstrates the threat actor's capabilities and intent to develop stealth attack techniques,” ESET researchers Damien Schaefer and Romain Dumont said in a blog post on Monday.
For RomCom's targets to trigger the zero-click exploit, they would need to visit a malicious website maintained by the hacking group. If exploited, a backdoor named after RomCom will be installed on the victim's computer, allowing widespread access to the victim's device.
Schaefer told TechCrunch that the number of potential victims of RomCom's hacking campaign ranges from one to as many as 250 per country, with the majority of targets based in Europe and North America.
Mozilla patched the Firefox vulnerability on October 9, a day after ESET alerted browser makers. The Tor project, which develops the Tor browser based on the Firefox codebase, also fixed this vulnerability. However, Schaefer told TechCrunch that ESET has not seen any evidence that the Tor browser was exploited during this hacking campaign.
Microsoft patched this vulnerability affecting Windows on November 12th. Security researchers at Google's Threat Analysis Group, which investigates government-sponsored cyberattacks and threats, reported the bug to Microsoft and suggested the exploit may have been used in other government-sponsored hacking efforts. did.