RomCom Hackers Exploit Windows & Firefox Zero-Day in Advanced Cyberattacks
gbhackers
In a new wave of cyberattacks, the Russia-aligned hacking group “RomCom” has been found exploiting critical zero-day vulnerabilities in Microsoft Windows and Mozilla Firefox products.
Security researchers at ESET uncovered the alarming attack chain, which uses the vulnerabilities to deploy the RomCom backdoor without requiring any user interaction.
“The compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit, and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor.”
The campaign has highlighted the increasing sophistication of cyber espionage efforts targeting key industries and government entities worldwide.
Dual Zero-Day Exploit Chain
The attack chain leverages two previously unknown vulnerabilities:
CVE-2024-9680: A critical vulnerability in Mozilla products, including Firefox, Thunderbird, and the Tor Browser, scoring 9.8 on the CVSS scale. This “use-after-free” bug in the animation timeline feature allows arbitrary code execution within the limited context ...
Copyright of this story solely belongs to gbhackers.