Key Details | Information |
---|---|
Threat Actors | RomCom (Russia-backed cyber threat group) |
Campaign Overview | Exploited two zero-day vulnerabilities (CVE-2024-49039 and CVE-2024-9680) to deliver the RomCom backdoor through malicious websites. |
Target Regions (or Victims) | Europe and America, including Ukrainian government entities and US and European industries (insurance, pharmaceuticals, energy). |
Methodology | Chained browser and OS vulnerabilities; user visits a crafted malicious website that installs a backdoor. |
Product Targeted | Windows PCs (Windows 10 and older OS versions). |
Malware Reference | RomCom backdoor |
Tools Used | Exploit-hosting websites, maliciously crafted browser exploits. |
Vulnerabilities Exploited | CVE-2024-49039 (Windows Task Scheduler flaw, CVSS 8.8); CVE-2024-9680 (browser vulnerability in Firefox, Thunderbird, Tor, CVSS 9.8). |
TTPs | Exploit chaining, sandbox escape, installation of backdoors, targeting specific industries for espionage and financial gain. |
Attribution | RomCom group; likely state-sponsored or state-induced by Russia. |
Recommendations | Patch Windows and browsers immediately; upgrade to a supported OS (Windows 11); avoid visiting suspicious links or websites; enable security tools such as antivirus. |
Source | Forbes |
Read full article: https://www.forbes.com/sites/zakdoffman/2024/11/29/microsoft-windows-hacking-warning-450-million-users-must-now-act/
Disclaimer: The above summary has been generated by an AI language model