A sophisticated cyber attack campaign by the Russia-linked threat actor RomCom has been uncovered that exploits critical zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows. The attack deploys malicious software automatically, without user interaction.
Critical Vulnerabilities
– Mozilla Firefox (CVE-2024-9680): Animation component vulnerability with a critical severity score of 9.8
– Microsoft Windows (CVE-2024-9680): Task Scheduler privilege escalation flaw rated at 8.8
Attack Chain
The attack begins when users visit the malicious website “economistjournal.cloud,” which redirects to an exploit server. Vulnerable Firefox browsers automatically trigger the exploit, utilizing both security flaws to install the RomCom RAT (Remote Access Trojan).
Impact
The campaign primarily affects users in Europe and North America, enabling attackers to execute code remotely and escalate system privileges. This marks RomCom’s second documented zero-day exploitation, demonstrating their enhanced attack capabilities.
Protection
Mozilla and Microsoft have released security patches addressing these vulnerabilities. Users are strongly advised to update their Firefox browsers and Windows systems immediately to protect against these threats.