RomCom RAT Exploits Customer Feedback Portals to Breach UK Organizations - #RomCom
The Russian threat actor group RomCom has been actively exploiting two zero-day vulnerabilities in a sophisticated cyberattack campaign targeting users primarily in North America and Europe. The first vulnerability, CVE-2024-9680, is a critical use-after-free issue in Mozilla Firefox's animation timeline feature that affects several Mozilla products. The second, CVE-2024-49039, is a privilege escalation vulnerability in the Windows Task Scheduler. By chaining the two, RomCom was able to execute arbitrary code and install backdoors on victims' systems without any user interaction, showcasing the group's advanced capabilities. The campaign, which ran from October to November 2024, used phishing and fake websites to lure victims. Both Mozilla and Microsoft have since patched these vulnerabilities, underscoring the importance of applying software updates promptly. The incident highlights the evolving tactics of nation-state-aligned threat actors and the critical need for robust cybersecurity measures.