RomCom is a cybercrime group associated with the Russian government, known for carrying out cyberattacks and digital intrusions. The group has been linked to a ransomware attack on Casio and is also known for targeting organizations allied with Ukraine.
Zero-Day Exploits
Researchers at security firm ESET found evidence that RomCom chained two zero-day bugs, one in Firefox and one in Windows, into a “zero-click” exploit. This method allows attackers to remotely install malware on a victim’s computer without any user interaction beyond loading the page. The sophistication of these attacks demonstrates the group’s capability and intent to develop stealthy methods.
Targeted Victims
Victims of RomCom’s hacking campaign would have to visit a malicious website controlled by the group to trigger the zero-click exploit. Once the exploit succeeded, RomCom’s backdoor would be installed on the victim’s device, granting the group broad access to it.
Response and Patching
Mozilla patched the Firefox vulnerability on October 9, a day after being alerted by ESET. The Tor Project, whose Tor Browser is based on Firefox’s codebase, also patched the vulnerability. Microsoft patched the Windows vulnerability on November 12 after being informed by Google’s Threat Analysis Group.
The hacking campaign targeted a range of victims in Europe and North America, with potential victims numbering from a single victim per country to as many as 250. While the vulnerabilities have been addressed, the sophistication and intent of the attacks highlight the ongoing threat posed by cybercrime groups like RomCom.
