Russian hackers are taking advantage of many flaws in Firefox and Windows

Security researchers have disclosed two new zero-day vulnerabilities. These flaws are being exploited by the Russia-backed hacking group RomCom. The campaign mainly targets Firefox browser users and Windows device users in Europe and North America.

What is RomCom Hacking Group?
RomCom is a cybercrime group known for carrying out cyberattacks and digital intrusions on behalf of the Russian government. Last month, the group was also linked to a ransomware attack on Japanese technology company Casio. RomCom primarily targets organizations supporting Ukraine. Russia’s invasion of Ukraine started in 2014.

Exploitation of zero-day flaws
Researchers at security firm ESET discovered that RomCom had developed a zero-click exploit by combining these two zero-day vulnerabilities. A zero-click exploit allows hackers to install malware on users’ devices without any user interaction. ESET researchers Damien Schaeffer and Romain Dumont said, “This level of technical proficiency demonstrates the group’s ability and intent to conduct covert attacks.”

How does it work?

  • RomCom's goal is to get victims to visit a malicious website controlled by the hacking group.
  • Once the flaws are exploited, the hackers install the RomCom backdoor on users’ computers.
  • After this, the hackers gain extensive access to users’ devices.
  • According to ESET, this “widespread” campaign could have up to 250 potential victims, the majority of whom are in Europe and North America.

Security measures and updates
Mozilla fixed the flaw in Firefox on October 9, a day after ESET alerted it. The Tor Project, which develops the Tor Browser based on the Firefox codebase, also fixed the flaw, although ESET noted that the Tor Browser was not used in this campaign. Microsoft fixed the flaw in Windows on November 12.
