Russian state-sponsored cybercriminals exploited 0-day vulnerabilities in Firefox and Windows
On November 26, 2024, Slovak cybersecurity firm ESET released a report detailing two 0-day vulnerabilities in Firefox and Windows. The report explains how the Russian state-sponsored cybercriminal group RomCom successfully combined these two vulnerabilities to create a zero-click exploit. This exploit was triggered simply by a user with a Windows device visiting a specific malicious website using the Firefox browser.
Once activated, the exploit installed a backdoor on the vulnerable device, allowing the attackers to execute remote commands and deploy additional malicious payloads. Mozilla addressed the Firefox vulnerability with a patch on October 9, 2024, while Microsoft followed with a fix for Windows on November 12, 2024.
ESET’s report also includes telemetry data on the potential number of victims by country, corresponding to users who accessed websites distributing the backdoor. The affected regions include most European Union countries, as well as the United States, Canada, and New Zealand. France ranks second among the most impacted nations, with approximately 250 targeted entities, trailing only the Czech Republic.
However, ESET did not provide a detailed breakdown of the types of potential victims. Historically, RomCom has been known for conducting cyber-espionage operations targeting governmental and defense organizations.