Endpoint/Device Security

New RomCom attacks involve Windows, Firefox zero-day exploits


Intrusions exploiting a Firefox animation timeline use-after-free vulnerability, tracked as CVE-2024-9680, and a Windows Task Scheduler privilege escalation bug, tracked as CVE-2024-49039, both of which are zero-days, have been deployed by Russian threat operation RomCom, also known as Tropical Scorpius, Storm-0978, and UNC2596, against North America and Europe as part of a sweeping attack campaign, BleepingComputer reports.

RomCom leveraged a fake website to redirect targets to an exploit-hosting server, which then facilitated the deployment and execution of the RomCom backdoor that could enable further payload compromise, according to an analysis from ESET. "Chaining together two zero-day vulnerabilities armed RomCom with an exploit that requires no user interaction. This level of sophistication shows the threat actor's will and means to obtain or develop stealthy capabilities," said ESET. Such a development comes after last year's NATO Summit attendees were targeted by RomCom in attacks involving the exploitation of a Windows and Microsoft Office vulnerability.
