Russia-linked hackers exploited Firefox and Windows bugs in ‘widespread’ hacking campaign


Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America.

RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The group — which was last month linked to a ransomware attack targeting Japanese tech giant Casio — is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.

Researchers with security firm ESET say they found evidence that RomCom combined the two zero-day bugs (described as such because the software makers had no time to roll out fixes before they were used to hack people) to create a “zero click” exploit, which allows the hackers to remotely plant malware on a target’s computer without any user interaction.

“This level of sophistication demonstrates the threat actor’s capability and intent to develop stealthy attack methods,” ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday.

RomCom’s targets would have to visit a malicious website controlled by the hacking group in order to trigger the zero-click exploit. Once exploited, RomCom’s eponymous backdoor would be installed on the victim’s computer, allowing broad access to a victim’s device.

Schaeffer told TechCrunch that the number of potential victims from RomCom’s “widespread” hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America.

Mozilla patched the vulnerability in Firefox on October 9, a day after ESET alerted the browser maker. The Tor Project, which develops the Tor Browser based on Firefox’s codebase, also patched the vulnerability, though Schaeffer told TechCrunch that ESET has seen no evidence that the Tor Browser was exploited during this hacking campaign.

Microsoft patched the vulnerability affecting Windows on November 12. Security researchers with Google’s Threat Analysis Group, which investigates government-backed cyberattacks and threats, reported the bug to Microsoft, suggesting that the exploit may have been used in other government-backed hacking campaigns.




Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.
