Zero-Day Exploits Actively Used by the Group to Reach Users in Europe and North America
A recently discovered cyber attack campaign, orchestrated by a Russia-linked hacker group known as RomCom, exploited two previously unknown vulnerabilities in the Firefox browser and Windows to compromise systems.
These vulnerabilities, known as zero-days, were actively exploited by the group to target users in Europe and North America.
As TechCrunch recalls, RomCom is known for conducting cyber attacks and other online intrusions on behalf of the Russian government. Last month, the group was linked to a ransomware attack against Casio.
The group is also known for its aggressive stance against organizations linked to Ukraine, which was invaded by Russia in 2022.

How Russian Hackers Accessed Firefox and Windows
The hackers employed a particularly dangerous technique known as “zero-click exploitation,” which allows them to remotely infect a victim’s device without any user interaction. This is achieved by tricking victims into visiting a malicious website, where the exploit silently installs a backdoor on the target system.
Once the backdoor is installed, the intruders gain extensive control over the compromised device, potentially stealing confidential data, deploying ransomware, or launching new attacks.
Security researchers from ESET, who discovered the attack, warned on Monday, the 25th, that its sophistication highlights the growing threat posed by state-sponsored hacker groups.
“This level of sophistication demonstrates the capability and intent of the threat actor to develop stealthy attack methods,” said ESET researchers Damien Schaeffer and Romain Dumont.
Schaeffer told TechCrunch that the potential number of victims ranges from one to 250 individuals.
Although Mozilla and Microsoft have fixed the vulnerabilities, users are advised to keep their software up to date and exercise caution while browsing the internet.
Firefox was updated on October 9, one day after Mozilla became aware of the vulnerability. Microsoft, on the other hand, fixed the issue on November 12 after receiving feedback from the Google Threat Analysis Group, a team that investigates government-backed threats and cyber attacks.
The Tor Project, which develops the Tor browser based on Firefox’s code, also fixed the vulnerability. However, Schaeffer told TechCrunch that ESET did not find evidence that the program was also a victim of the attack.



