
Russian Hackers Target Mozilla, Windows in New Exploit Chain – Source: www.databreachtoday.com


Source: www.databreachtoday.com – Author:

Security Operations

ESET Discovers Two Major Vulnerabilities Exploited by Russian RomCom Hacking Group

Chris Riotta (@chrisriotta) • November 26, 2024

Eset said it uncovered critical vulnerabilities in Mozilla products and Windows exploited by the RomCom group to deploy a backdoor. (Image: Mozilla Foundation)

Two vulnerabilities in Mozilla products and Windows are being actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security researchers from Eset.


Researchers identified two critical vulnerabilities in Mozilla Foundation products. One, tracked as CVE-2024-9680, is a use-after-free flaw allowing code execution in Firefox and the Thunderbird email client. It also affects the Tor Browser, which is a modified version of Firefox. The other flaw, CVE-2024-49039, is a Windows privilege escalation bug used to bypass the Firefox sandbox. Mozilla patched the first on Oct. 9, and Microsoft announced a fix for the second on Nov. 12.

Exploiting the two flaws together enables attackers to execute arbitrary code, an ability that RomCom hackers used to install a backdoor that can run commands and deploy additional modules on the victim’s system, said Damien Schaeffer, the researcher who discovered both vulnerabilities. The attack chain uses a fake website to redirect victims to an exploit server that executes shellcode to deploy the backdoor.

“We don’t know how the link to the fake website is distributed; however, if the page is reached using a vulnerable browser, a payload is dropped and executed on the victim’s computer with no user interaction required,” Schaeffer said in a statement sent to Information Security Media Group. Eset said this is RomCom’s second known zero-day exploit, following its June 2023 exploitation of CVE-2023-36884, a flaw in the Windows search function.

The vulnerabilities carry CVSS scores of 9.8 and 8.8. RomCom has carried out cybercrime and espionage campaigns against the defense, energy and government sectors in Ukraine, as well as the pharmaceutical and insurance sectors in the United States, among other global victims (see: Ukrainian Agencies, NATO Targeted With RATs Ahead of Summit).

Reports have also previously attributed to the Russian hacking group a series of cyberespionage operations targeting attendees of several high-profile European conferences, including the 2023 Women Political Leaders summit in Brussels. Satnam Narang, senior research engineer at Tenable, said the attack underscores both the persistence of threat actors and the increasing difficulty of breaching browser defenses.

“With the adoption of sandbox technology in modern browsers, threat actors need to do more than just exploit a browser vulnerability alone,” Narang said in a statement. “By combining a browser-based exploit along with a privilege escalation flaw, the RomCom threat actor was able to bypass the Firefox sandbox.”

Original Post url: https://www.databreachtoday.com/russian-hackers-target-mozilla-windows-in-new-exploit-chain-a-26916
