Russia-Linked Hackers Exploited Firefox, Windows Bugs In 'Widespread' Hacking Campaign

An anonymous reader quotes a report from TechCrunch: Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The group -- which was last month linked to a ransomware attack targeting Japanese tech giant Casio -- is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.

Researchers with security firm ESET say they found evidence that RomCom combined use of the two zero-day bugs -- described as such because the software makers had no time to roll out fixes before they were used to hack people -- to create a 'zero click' exploit, which allows the hackers to remotely plant malware on a target's computer without any user interaction. 'This level of sophistication demonstrates the threat actor's capability and intent to develop stealthy attack methods,' ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday. Schaeffer told TechCrunch that the number of potential victims from RomCom's 'widespread' hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America. Mozilla and the Tor Project quickly patched a Firefox-based vulnerability after being alerted by ESET, with no evidence of Tor Browser exploitation. Meanwhile, Microsoft addressed a Windows vulnerability on November 12 following a report by Google's Threat Analysis Group, indicating potential use in government-backed hacking campaigns.

Read more of this story at Slashdot.