Russian RomCom’s Browser Blunder: Zero-Day Exploits Hit Europe and North America
The Russian RomCom group exploited zero-day vulnerabilities in Firefox and Tor Browser to target users in Europe and North America. By chaining these vulnerabilities, the group accessed systems without user interaction, redirecting victims to fake sites. This sophisticated attack highlights the cybercrime prowess of RomCom.

Hot Take:
When life gives you lemons, make lemonade. When life gives you zero-days, make RomCom malware! The Russian cybercriminals are back in the spotlight, proving once again that they have a flair for drama and a penchant for exploiting the newest flaws in our favorite web browsers. Who knew cybercrime could be this romantic?
Key Points:
- The Russian RomCom group exploited Firefox and Tor Browser zero-day vulnerabilities to target users in Europe and North America.
- Two vulnerabilities were chained: CVE-2024-9680 (a use-after-free issue in Firefox) and CVE-2024-49039 (a Windows Task Scheduler privilege escalation flaw).
- The attack involved a compromise chain using fake websites to deliver malware without user interaction.
- Mozilla released a fix for the vulnerabilities within 25 hours of disclosure by ESET.
- RomCom’s attacks have been linked to targeting Ukrainian and Polish entities with updated malware variants.