Russian Hackers Exploited Zero-Day Vulnerabilities to Target Firefox and Tor Users

A Russian hacking group has been caught exploiting two previously unknown vulnerabilities, one in the Firefox browser (and the Firefox-based Tor Browser) and one in Windows, to compromise users of those browsers on Windows PCs.

The cybersecurity firm ESET has described the attacks as a potentially “widespread campaign” aimed at victims in Europe and North America. The attackers lured targets to a malicious website posing as a news site, which redirected vulnerable browsers to the exploit. Simply loading the page was enough: the exploit chain installed a backdoor on the victim’s computer with no clicks or other user interaction required, according to ESET.

Dual Vulnerabilities Exploited

The first vulnerability, CVE-2024-9680, is a memory-safety flaw (a use-after-free) in Firefox that also affects the Tor Browser. On its own it only lets an attacker run code inside the browser’s sandboxed content process, which is restricted from touching the rest of the system. The attackers chained it with a second flaw, CVE-2024-49039, a privilege-escalation bug in the Windows Task Scheduler affecting Windows 10 and 11, to break out of that sandbox and run code on the host with the logged-in user’s privileges.

With that chain, the attackers silently installed their backdoor on the targeted machines. The backdoor could be used to spy on the infected PCs: stealing files, capturing screenshots, and extracting sensitive data such as browser cookies and saved passwords.

Patch Updates and Remaining Risks

All of the vulnerabilities have since been patched by Mozilla, the Tor Project, and Microsoft. ESET privately reported the Firefox flaw to Mozilla on October 8, and fixes shipped the following day in Firefox 131.0.2, Firefox ESR 128.3.1 and ESR 115.16.1, and Tor Browser 13.5.7. Microsoft fixed the Windows vulnerability in its November 12 security update.

Despite these patches, the risk persists for anyone who has not updated, since the browser fix alone blocks the chain but an unpatched Windows still leaves the sandbox-escape bug exposed to any other browser exploit. ESET says its antivirus telemetry shows the attacks, which began as early as October, reached potential victims in a number of countries, from a single user in some to as many as 250 in others.
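The practical question for a defender reading this is whether a given machine is still on a vulnerable browser build. The following is an added example, not code from ESET, Mozilla or the Tor Project. The fixed versions are taken from Mozilla’s advisory for CVE-2024-9680 (131.0.2, ESR 128.3.1, ESR 115.16.1) and the Tor Browser 13.5.7 release; the branch logic (treating major versions 115 and 128 as ESR lines and everything else as the release line) and the assumption that `firefox --version` prints a line of the form `Mozilla Firefox <version>` are mine. It does not check the Windows side, which needs the November 2024 cumulative update installed.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Fixed versions from Mozilla's advisory for CVE-2024-9680 and the
# Tor Browser 13.5.7 release. Anything on a branch below its listed
# version is treated as unpatched.
FIXED_FIREFOX = {
    "release": (131, 0, 2),
    "esr128": (128, 3, 1),
    "esr115": (115, 16, 1),
}
FIXED_TOR_BROWSER = (13, 5, 7)


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '128.3.1esr', '131.0.2' or '13.5.7' into an int tuple.

    The tuple is padded to at least three components so that '128.3'
    compares as 128.3.0 rather than sorting oddly against 128.3.1.
    """
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", s)
    if not m:
        raise ValueError(f"unrecognized version string: {s!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts


def firefox_branch(version: Tuple[int, ...]) -> str:
    """Assumption: 115.x and 128.x are ESR lines, everything else is release.

    Old release builds such as 116-127, 129 and 130 fall into 'release'
    and compare below 131.0.2, so they are correctly reported unpatched.
    """
    major = version[0]
    if major == 115:
        return "esr115"
    if major == 128:
        return "esr128"
    return "release"


def firefox_is_patched(version_str: str) -> bool:
    """True if this Firefox build contains the CVE-2024-9680 fix."""
    v = parse_version(version_str)
    return v >= FIXED_FIREFOX[firefox_branch(v)]


def tor_browser_is_patched(version_str: str) -> bool:
    """True if this Tor Browser build is 13.5.7 or later."""
    return parse_version(version_str) >= FIXED_TOR_BROWSER


def installed_firefox_version() -> Optional[str]:
    """Best-effort query of the local Firefox binary (assumes it prints
    'Mozilla Firefox <version>'). Returns None if Firefox is not found."""
    exe = shutil.which("firefox")
    if exe is None:
        return None
    try:
        out = subprocess.run([exe, "--version"], capture_output=True,
                             text=True, timeout=15, check=True).stdout
    except (OSError, subprocess.SubprocessError):
        return None
    m = re.search(r"Mozilla Firefox\s+(\S+)", out)
    return m.group(1) if m else None


if __name__ == "__main__":
    installed = installed_firefox_version()
    if installed is None:
        print("Firefox not found on PATH; nothing to check")
    else:
        state = "patched" if firefox_is_patched(installed) else "VULNERABLE"
        print(f"Firefox {installed}: {state} against CVE-2024-9680")
```

The branch-aware comparison matters here: a naive "is the version at least 131.0.2" check would flag a fully patched ESR 128.3.1 as vulnerable and push users off the ESR line, while a naive "is it newer than 128.3.1" check would pass an unpatched 130.0 release build.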

Hacking Group “RomCom” Linked to the Campaign

ESET has attributed the attack to the Russian hacking group RomCom (also tracked as Storm-0978), which is involved in both cybercrime and espionage. This marks at least the second time RomCom has exploited a critical zero-day vulnerability: in 2023, the group abused CVE-2023-36884, a Microsoft Office flaw delivered through malicious Word documents, to launch attacks.

Users are urged to update Firefox, Tor Browser, and Windows immediately to mitigate the risk.