Russia-Linked Hackers Exploited Firefox, Windows Bugs In 'Widespread' Hacking Campaign (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The group -- which was last month linked to a ransomware attack targeting Japanese tech giant Casio -- is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.
Researchers with security firm ESET say they found evidence that RomCom combined use of the two zero-day bugs -- described as such because the software makers had no time to roll out fixes before they were used to hack people -- to create a "zero click" exploit, which allows the hackers to remotely plant malware on a target's computer without any user interaction. "This level of sophistication demonstrates the threat actor's capability and intent to develop stealthy attack methods," ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday. [...] Schaeffer told TechCrunch that the number of potential victims from RomCom's "widespread" hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America. Mozilla and the Tor Project quickly patched a Firefox-based vulnerability after being alerted by ESET, with no evidence of Tor Browser exploitation. Meanwhile, Microsoft addressed a Windows vulnerability on November 12 following a report by Google's Threat Analysis Group, indicating potential use in government-backed hacking campaigns.
Firefox: corrected since 9 Oct 2024 (Score:5, Informative)
No need to panic: if you updated FF when it came out, then you're safe. The FF bug (reported by D. Schaeffer from ESET) was corrected in version 131.0.2 https://www.mozilla.org/en-US/... [mozilla.org]
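The comment above gives the fix release (Firefox 131.0.2) as the thing to check. The snippet below is an added example, not code from the page, from ESET or from Mozilla: it parses Firefox version strings (bare strings or the output of `firefox --version`), compares them numerically rather than as strings (a string comparison would rank 131.0.10 below 131.0.2), and refuses to compare across branches, because an ESR build such as 128.x.y has its own fix release that this page does not list. The inventory dictionary, the host names and the fix threshold passed in are constructed sample data and assumptions for illustration.

```python
import re
from typing import Dict, Tuple

# Fix release named in the comment above. ESR branches got separate fix
# releases that this page does not list; callers on ESR must supply their
# branch's threshold themselves (assumption: the caller knows it).
FIXED_RELEASE = "131.0.2"

# Matches "131.0.2", "128.3.1esr", "132.0b3", or the same inside
# "Mozilla Firefox 131.0.2" (the format printed by `firefox --version`).
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)([A-Za-z][A-Za-z0-9]*)?")


def parse_firefox_version(text: str) -> Tuple[Tuple[int, ...], str]:
    """Return (numeric tuple, lower-cased branch suffix) for a Firefox version.

    The numeric parts come back as ints so that (131, 0, 10) > (131, 0, 2);
    comparing the raw strings would get that backwards. The suffix ("esr",
    "b3", "a1", or "" for a normal release) is kept separate so branches are
    never compared against each other by accident.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    suffix = (m.group(2) or "").lower()
    return numbers, suffix


def _pad(a: Tuple[int, ...], b: Tuple[int, ...]):
    """Right-pad the shorter tuple with zeros so 131.0 compares as 131.0.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_patched(installed: str, fixed: str = FIXED_RELEASE) -> bool:
    """True if `installed` is at or above `fixed` on the same branch.

    Raises ValueError when the two are on different branches (e.g. an ESR
    build checked against a mainline threshold), since that comparison is
    meaningless: 128.3.1esr is not "older than" 131.0.2 in any useful sense.
    """
    inst_num, inst_branch = parse_firefox_version(installed)
    fix_num, fix_branch = parse_firefox_version(fixed)
    if inst_branch != fix_branch:
        raise ValueError(
            f"branch mismatch: {installed!r} is on {inst_branch or 'release'!r}, "
            f"threshold {fixed!r} is on {fix_branch or 'release'!r}"
        )
    a, b = _pad(inst_num, fix_num)
    return a >= b


def triage(inventory: Dict[str, str], fixed: str = FIXED_RELEASE) -> Dict[str, str]:
    """Classify each host as patched, unpatched, or other-branch (needs its own threshold)."""
    result = {}
    for host, reported in inventory.items():
        try:
            result[host] = "patched" if is_patched(reported, fixed) else "unpatched"
        except ValueError:
            result[host] = "other-branch"
    return result


# Constructed sample inventory (hypothetical host names; 131.0.10 never shipped
# and is here only to show that numeric comparison puts it above 131.0.2).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 131.0.2",
    "ws-02": "Mozilla Firefox 131.0",
    "ws-03": "Mozilla Firefox 131.0.10",
    "ws-04": "Mozilla Firefox 128.3.1esr",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "other-branch" are not cleared by this check; rerun them with the ESR fix version for their branch as the `fixed` argument.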
Derogatory names (Score:5, Interesting)
Re:Derogatory names (Score:5, Insightful)
I've seen the idea mentioned a few times that hacking groups should be given undesirable names instead of what the security companies are currently using. Who'd want to be known as "Pencil dicks" or "Basement dwelling virgins"?
American marketing could re-brand attacks that way. Claim the group is called (foreign language) something, which loosely translates into “pencil dick”.
It’s the perpetually hacked egos that prevent that. Lot easier for some arrogant CEO to pseudo-brag about how they were hacked by “Wicked Spear” rather than “Loser Squad”.
"Widespread", seriously? (Score:1)
Even if we assume small countries, 250 targets per country is not a lot.
Hooray! (Score:4, Funny)
Yay! Windows 10 is approaching "end of security lifespan!", and my computer "cannot upgrade to Windows 11!"
Hooray, Microsoft!
I assume with Windows 11 there's a direct pipeline of the content of every file to Microsoft for advertising analysis.
Re: (Score:2)
Adults tend to not use obsolete hardware, even for Unix.
Re: Hooray! (Score:4, Insightful)
Re: (Score:2)
^^^ THIS
The hardware that MS is artificially forcing to be "obsolete" is far from it. They are choosing to make things obsolete for MS-Windows 11 for their own reasons, not for ours.
Re: (Score:2)
I assume with Windows 11 there's a direct pipeline of the content of every file to Microsoft for advertising analysis.
Their (confidential) group of (NDA) corporate customers, also known as their profitable customer base, might just end up having a major fucking problem with that (private) move.
Let's see how long this bullshit lasts.
Re: (Score:2)
Good IT departments pay attention to product end of life issues and take steps to deal with it, including replacing all those 8th gen and older devices prior to October of 2025, plus putting in the effort to upgrade all Windows 10 machines to Windows 11.
Re: (Score:2)
Yay! Windows 10 is approaching "end of security lifespan!", and my computer "cannot upgrade to Windows 11!"
Microsoft telling you that a computer "cannot upgrade to Windows 11!" doesn't mean that the computer cannot be upgraded to Windows 11.
Re: (Score:3)
But why jump through hoops to stay in a user-hostile OS?
Re: (Score:2, Insightful)
Just install Linux.
It's what I did on my computer. It's a great productivity OS, these days. It even runs most Windows games with minimal effort with the likes of Lutris, Steam, Heroic launcher, etc.
Re: (Score:2)
Yay! Windows 10 is approaching "end of security lifespan!", and my computer "cannot upgrade to Windows 11!"
Microsoft has announced that it will offer another year of security updates for a modest price.
So when can we finally apply the IDP? (Score:4, Interesting)
Can we not just give Russia the Internet Death Penalty and have allied nations refuse to route their packets?
Re:So when can we finally apply the IDP? (Score:5, Insightful)
Yeah, the WMD plenty of non-Americans (and even a lot of Americans) were calling bullshit on. Those claims were known to be false more or less as soon as they were made, but the powers that be didn't care and were pushing the narrative on their pretext anyway.
Russia's paper trail, digital fingerprints, and outright assassinations on foreign soil? Everywhere. They're not subtle, it's just usually people aren't interested in dealing with the trouble of making a big official stink about it.
Maybe we ought to be tired of all of the little affronts that aren't worth risking a confrontation over. Because the sum of them certainly IS.
Are we the lame guys? (Score:4, Funny)
How is it that all the cool hackers are Russia-backed, China-linked or even North Korean? Except a few also-ran cybercrooks from Iran and other certified bogey states? Whatever happened to the good old Italian Mafia? American gangsters, West German terrorists, their Eastern state-sponsored colleagues, Gauloise-smoking French do-no-goods in leather jackets and polite and ice-cold British criminals?
Have we lost the crime race?