RomCom Exploits Zero Days In Recent Backdoor Campaigns

Hey there, did you hear about the latest news regarding the threat actor group RomCom? They’ve recently exploited two zero-day vulnerabilities in their backdoor campaigns, putting Windows users at risk. The good news is that patches for these vulnerabilities are available, so make sure to update your systems to stay protected!

RomCom Strikes Again with Zero-Day Exploits

According to a recent report by ESET, RomCom, a Russian threat actor group, is back in action targeting Windows users. They are using two zero-day vulnerabilities to deploy backdoor malware in their recent attacks.

The vulnerabilities they are exploiting include:

  • CVE-2024-9680 (critical; CVSS 9.8): This vulnerability affects Mozilla products such as Firefox and Thunderbird, allowing code execution in the content process.
  • CVE-2024-49039 (important; CVSS 8.8): A privilege escalation vulnerability in Windows Task Scheduler that Microsoft has patched with the November 2024 updates.

Even though patches are available, RomCom is still targeting unpatched systems with these vulnerabilities to deploy their backdoor malware.

Attackers Keep a Low Profile in Recent Campaign

RomCom, also known as Storm-0978, Tropical Scorpius, or UNC2596, is a threat actor group known for financially motivated attacks and cyber espionage. In their recent attacks, they are luring users into downloading malware through phishing web pages.

Recent attacks have primarily focused on users in North America and Europe, with the attackers targeting a small number of users per country to maintain a low profile.

To stay safe from these attacks, make sure to update your systems with the latest patches as soon as possible.

We’d love to hear your thoughts on this – feel free to share in the comments below!
