Security researchers have discovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russia-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America.
RomCom is a cybercrime group known for carrying out cyberattacks and other digital intrusions on behalf of the Russian government. The group – which last month was linked to a ransomware attack targeting Japanese tech giant Casio – is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.
Researchers at security firm ESET say they’ve found evidence that RomCom combined two zero-day flaws (so called because software makers had no time to roll out fixes before the flaws were used to hack people) to create a “zero-click” exploit, which allows hackers to remotely plant malware on a target’s computer without any user interaction.
“This level of sophistication demonstrates the threat actor’s ability and intent to develop stealthy attack methods,” ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday.
RomCom’s targets would have to visit a malicious website controlled by the hacking group to trigger the zero-click exploit. Once the exploit succeeds, the RomCom backdoor is installed on the victim’s computer, allowing broad access to the victim’s device.
The number of potential victims of RomCom’s “large-scale” hacking campaign ranged from one victim per country to as many as 250, with the majority of targets in Europe and North America, Schaeffer told TechCrunch.
Mozilla patched the vulnerability in Firefox on October 9, a day after ESET alerted the browser maker. The Tor Project, which develops the Tor Browser based on Firefox’s codebase, also patched the vulnerability, although Schaeffer told TechCrunch that ESET saw no evidence that the Tor Browser was exploited during this hacking campaign.
Microsoft patched the vulnerability affecting the Windows operating system on November 12. Security researchers at Google’s Threat Analysis Group, which investigates government-backed cyberattacks and threats, reported the bug to Microsoft, suggesting that the exploit may have been used in other government-backed hacking campaigns.