Cybersecurity experts have discovered two zero-day vulnerabilities that the hacker group RomCom exploited to target Windows and Firefox users across Europe and North America.
ESET specialists attributed the large-scale campaign to the RomCom group, which is allegedly based in Russia. In a series of hacks, the attackers exploited two zero-day vulnerabilities in the Firefox browser and the Windows OS: flaws that the hackers used against victims before the software developers had fixed them. The attack required minimal user interaction: the victim only had to visit the malicious website. When the victim opened the site, the exploit was triggered automatically and the RomCom backdoor was installed on the computer, giving the attackers access to the machine.
The number of likely victims of the malicious campaign ranges from 1 to 250 per country, with the majority located in Europe and North America. Mozilla developers fixed the vulnerability in the Firefox browser on October 9, the day after ESET notified them. The developers of the Tor project also fixed the vulnerability, since the Tor browser is based on the Firefox code base. ESET experts were unable to find evidence that the campaign exploited the Tor browser vulnerability. Microsoft fixed the Windows vulnerability on November 12; the company was informed about it by the Google Threat Analysis Group.