Security researchers found a new cyber attack that chains two zero-click security vulnerabilities together. The previously unknown vulnerabilities were exploited in both Mozilla Firefox and Windows.
Reportedly, the zero-click backdoor attack is attributed to a Russian state-sponsored threat group called RomCom. It installs a backdoor on the victim's computer that can execute commands and download further malware.
In the chained attack, the Mozilla vulnerability, CVE-2024-9680, has a high severity rating of 9.8. The Windows zero-click vulnerability, CVE-2024-49039, is rated 8.8 out of 10 and lets the malicious code operate outside the Firefox browser.
RomCom is also known by many other names, such as Storm-0978, Tropical Scorpius, and UNC2596. The Russian-affiliated threat group is expected to target Ukraine’s government, defense, and energy sectors. ESET said this happens “in parallel with its more conventional cybercrime operations.” The group has also focused on the pharmaceutical and insurance sectors in the US, the legal sector in Germany, and governmental entities in Europe.
Unit 42 researchers Yaron Samuel and Dominik Reichel said, “RomCom RAT is a malware family that has evolved over the years to include different features and attack methods.” The statement added, “They engage in ransomware, extortion, and targeted credential gathering, likely to support intelligence-gathering operations.”
Both vulnerabilities have been patched by their respective vendors. Mozilla patched the Firefox vulnerability on October 9 after it was published on October 8, while the Windows vulnerability was fixed on November 12. Separately, Palo Alto's Unit 42 group reported in Sept. 2024 that the RomCom threat actor had been actively using the malware since 2022.