The Russia-aligned threat group RomCom has been observed chaining two previously unknown zero-day vulnerabilities, one with a CVSS severity score of 9.8 and the other of 8.8. The vulnerabilities exist in the Mozilla Firefox browser and in Windows itself, and together they can be exploited to install a backdoor capable of executing commands and downloading further malware onto the target computer.
The 9.8-rated vulnerability, tracked as CVE-2024-9680, is a use-after-free bug in Firefox's handling of Animation timelines and affects certain versions of Firefox, Thunderbird, and Tor Browser. On its own it lets attackers execute code only within the restricted context of the browser's sandboxed content process. Chained with CVE-2024-49039, an elevation-of-privilege flaw in the Windows Task Scheduler, it allows that code to escape the sandbox and run in the context of the logged-in user. In a successful attack, a victim who merely visits a website containing the exploit has arbitrary code run on their machine, with no further user interaction required, which can lead to the installation of backdoors and malware.
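The practical check a defender wants here is whether a given Firefox build already carries the fix for CVE-2024-9680. The following is an added example, not code from the original article or from Mozilla. The fixed versions it encodes (Firefox 131.0.2, Firefox ESR 128.3.1 and Firefox ESR 115.16.1) are taken from Mozilla's security advisory for this CVE; the inventory of hostnames and version strings is constructed sample data, and Thunderbird and Tor Browser are deliberately not covered.

```python
"""Check whether an installed Firefox build carries the fix for CVE-2024-9680.

Fixed versions per Mozilla's advisory for this CVE: release 131.0.2,
ESR 128.3.1, ESR 115.16.1. Release-channel branches that were already
end-of-life when the fix shipped (116-127, 129, 130) never received it
and must be upgraded. Thunderbird and Tor Browser are not handled here.
"""
from __future__ import annotations

# ESR branches and the first fixed version on each branch.
FIXED_ESR = {
    115: (115, 16, 1),
    128: (128, 3, 1),
}
# Release channel: this version and every later major are fixed.
FIXED_RELEASE = (131, 0, 2)


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn '128.3.1esr' or '131.0.2' into a comparable tuple (128, 3, 1).

    Non-numeric suffixes inside a component (e.g. '0a1' in a nightly build)
    are dropped, so pre-release builds compare as their base version.
    """
    cleaned = version.strip().lower().removesuffix("esr")
    parts: list[int] = []
    for piece in cleaned.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:  # pad so '131.1' compares as 131.1.0
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_firefox_patched(version: str) -> bool:
    """Return True if this Firefox version includes the CVE-2024-9680 fix."""
    v = parse_version(version)
    major = v[0]
    if major in FIXED_ESR:
        return v >= FIXED_ESR[major]
    if major >= FIXED_RELEASE[0]:
        return v >= FIXED_RELEASE
    # Any other major (e.g. 129.x, 130.x) is an unfixed, end-of-life branch.
    return False


def audit(inventory: dict[str, str]) -> list[str]:
    """Return the hostnames in the inventory still running a vulnerable Firefox."""
    return sorted(
        host for host, ver in inventory.items() if not is_firefox_patched(ver)
    )


# Constructed sample inventory (hostname -> reported Firefox version); not real data.
SAMPLE_INVENTORY = {
    "ws-01": "131.0.2",
    "ws-02": "131.0.1",
    "ws-03": "128.3.1esr",
    "ws-04": "128.3.0esr",
    "ws-05": "115.16.1esr",
    "ws-06": "130.0",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: Firefox {SAMPLE_INVENTORY[host]} is vulnerable to CVE-2024-9680")
```

The branch-aware comparison matters: a naive "version >= 131.0.2" test would wrongly flag fully patched ESR 128.3.1 and ESR 115.16.1 installs, while a naive "version >= 115.16.1" test would wrongly clear an unpatched 130.0.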
The compromise chain starts with a fake website that redirects the potential victim to the server hosting the exploit. Should the exploit succeed, shellcode downloads and executes the RomCom backdoor, which gives the attackers the capability to run commands and download additional code onto the victim's machine.
The way that the link to the fake website is distributed is unclear at this stage.
Threat Actor Profile
RomCom is known by many aliases including Storm-0978, Tropical Scorpius, or UNC2596.
It is believed to be aligned with the Russian Federation and conducts both opportunistic attacks against vulnerable businesses and targeted espionage operations.
The group is named after the RomCom backdoor it is known for using, which can execute commands and download additional modules onto the victim's machine.
Most recently it has been observed targeting defense, energy, and government sector entities in Ukraine and the rest of Europe in espionage campaigns.