Here are 10 key facts regarding the new zero-click cyber attack targeting Windows and Firefox users by Russian Group RomCom
A new and serious zero-click cyber attack has been confirmed, targeting Windows and Mozilla Firefox users through two critical vulnerabilities. Discovered by security researchers, the attack is attributed to the Russian state-sponsored hacking group RomCom, also known as Storm-0978. Here is everything you need to know about this alarming new cyber attack and its impact on users.
What is the Role of RomCom?
The RomCom hacking group, also known as Storm-0978, has been involved in both cyber espionage and cybercrime. Its primary targets are governments, defense sectors, and private industries, including pharmaceuticals and insurance. Its recent attacks have focused on stealing sensitive intelligence and data.
How Does the Attack Work?
This attack is unusual in that it uses two zero-day vulnerabilities, CVE-2024-9680 and CVE-2024-49039, which affect Firefox and Windows respectively. The attackers chain these vulnerabilities together into a zero-click exploit, meaning no user interaction is required for the malware to infect the system.
The Vulnerabilities
The Firefox vulnerability is a use-after-free memory flaw that allows remote attackers to execute arbitrary code; it carries a severity rating of 9.8 out of 10. The Windows vulnerability is a privilege escalation flaw, rated 8.8 out of 10, which lets attackers bypass security measures and execute code outside of the Firefox browser's sandbox. On its own, the Firefox flaw only yields code execution inside the sandboxed browser process; it is the Windows flaw that turns that foothold into control of the underlying system.
RomCom's Malware
The RomCom malware family, which has continued to evolve, was used to install a backdoor on compromised systems. The backdoor allowed the attackers to run commands, download additional malware, and exfiltrate sensitive data from the compromised systems.
Locations Targeted
The campaign mainly targets victims in Europe and North America, though its reach spans several sectors worldwide. Past victims include organizations in Ukraine, Germany, and the US, with government and critical infrastructure especially targeted.
Attack Chain Details
In this zero-click attack, a fake website redirects victims to a server hosting the exploit. Once the RomCom backdoor is installed, it opens the door to further malicious activity. The chained exploit bypasses the protections a browser normally provides.
Patch Updates Released
Both vulnerabilities have since been patched by Mozilla and Microsoft. Mozilla released the Firefox patch immediately on October 9, while Microsoft included the Windows patch in the November 12 Patch Tuesday update. However, a system that has not been updated since those releases is likely still vulnerable.
The Desperate Call for Updates
Even though patches exist, experts note that installations still running outdated software remain vulnerable. Mozilla Firefox and Windows users should update to the latest versions in order to close off this exploit chain.
RomCom's New Focus
RomCom has traditionally been involved in cybercrime, but the group has shifted its focus to espionage operations. Its activities now span intelligence gathering alongside ransomware, extortion, and credential theft.
How to Protect Yourself
To avoid falling victim to this zero-click exploit, users should keep their Firefox browser and Windows OS up to date. Cybersecurity experts also recommend running updated antivirus software and following network security best practices to prevent infiltration by groups like RomCom.
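One practical way to act on that advice across a fleet of Windows machines is to check each host for the two updates the article describes. The script below is an added example and is not from the article or from any vendor; it assumes a standard per-machine Firefox install and uses placeholder values for the first fixed Firefox version and for the November 12 Windows update's KB number, which an administrator must replace with the real values from the Mozilla and Microsoft advisories for CVE-2024-9680 and CVE-2024-49039.

```powershell
# Added example (not from the article): report whether a Windows host is still
# missing the Firefox fix or the Windows fix described above. The two threshold
# values below are PLACEHOLDERS and must be taken from the vendor advisories.
$MinFirefoxVersion = [version]'0.0.0'   # PLACEHOLDER: first Firefox release fixing CVE-2024-9680
$RequiredHotfix    = 'KB0000000'        # PLACEHOLDER: November 12 update fixing CVE-2024-49039

function Get-InstalledFirefoxVersion {
    # Per-machine installs record the version in the registry; try both 64- and 32-bit views.
    $keys = 'HKLM:\SOFTWARE\Mozilla\Mozilla Firefox',
            'HKLM:\SOFTWARE\WOW6432Node\Mozilla\Mozilla Firefox'
    foreach ($k in $keys) {
        $cv = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).CurrentVersion
        if ($cv) {
            # The value reads like "<major>.<minor>.<patch> (x64 en-US)"; keep the numeric part.
            return [version](($cv -split ' ')[0])
        }
    }
    # Fall back to the file version of firefox.exe in the default install location.
    $exe = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'
    if (Test-Path $exe) {
        return [version](Get-Item $exe).VersionInfo.ProductVersion
    }
    return $null   # Firefox not found (or installed per-user / portable)
}

function Test-WindowsHotfixInstalled {
    param([string]$KbId)
    # Get-HotFix reads Win32_QuickFixEngineering, which lists installed cumulative updates.
    return [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

function Test-RomComPatchStatus {
    $ff = Get-InstalledFirefoxVersion
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        FirefoxVersion   = $ff
        FirefoxPatched   = if ($null -eq $ff) { 'not installed' } else { $ff -ge $MinFirefoxVersion }
        WindowsHotfix    = $RequiredHotfix
        WindowsPatched   = Test-WindowsHotfixInstalled -KbId $RequiredHotfix
    }
}

# Usage: run as an administrator on each host and review the two "Patched" columns.
Test-RomComPatchStatus | Format-List
```

A host reporting FirefoxPatched or WindowsPatched as False is still exposed to the respective half of the chain; because the two flaws are chained, fixing either one breaks the attack, but both should be applied. The registry lookup only sees per-machine installs, so per-user or portable copies of Firefox need to be located separately (for example by scanning user profile directories for firefox.exe and reading its file version the same way).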