
Romantic Comedy APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor


In October, a critical security threat emerged when Russian hackers exploited two zero-day vulnerabilities in Firefox and Windows, giving them the ability to run arbitrary code on the machine of anyone in the world who used the affected software. The malicious files were first discovered on Oct. 8 on a server operated by the Russian advanced persistent threat group RomCom (also known as Storm-0978, Tropical Scorpius, and UNC2596), only five days after they had been uploaded on Oct. 3.

The vulnerabilities, CVE-2024-9680 and CVE-2024-49039, posed serious risks to users of Mozilla’s Firefox browser, its email client Thunderbird, and the Tor browser, which is based on Firefox’s Extended Support Release (ESR). The exploit quickly delivered the RomCom backdoor to unsuspecting visitors of the infected websites, with no user interaction required: a victim’s browser downloaded the backdoor from RomCom-controlled servers and was then redirected to the website the victim had intended to visit.

These crafted websites targeted high-profile organizations such as ConnectWise, Devolutions IT services, and Correctiv, a nonprofit investigative journalism newsroom in Germany, reflecting RomCom’s shift towards politically motivated espionage in recent times. RomCom’s cyber-espionage activities have extended to sectors such as insurance, pharmaceuticals in the US, as well as defense, energy, and government in Ukraine.

The impact of these vulnerabilities remains unknown, although the majority of targets were concentrated in North America and Europe, with specific focus on the Czech Republic, France, Germany, Poland, Spain, Italy, and the US. Surprisingly, victims tracked by ESET were not compromised via the Tor browser due to its distinct settings compared to Firefox. RomCom primarily targeted corporations, which are less likely to use Tor.

Fortunately, both vulnerabilities have since been patched: CVE-2024-9680 was addressed on Oct. 9, just 25 hours after Mozilla was notified, and CVE-2024-49039 was fixed on Nov. 12. Despite this remediation effort, the responsibility lies with organizations to ensure prompt patch management to protect against such threats in the future.

Overall, the exploitations by Russian hackers via RomCom underscore the ever-present cybersecurity risks faced by users worldwide, emphasizing the importance of swift action and vigilance in safeguarding against potential threats in the digital landscape.
