Security researchers have identified a dangerous “zero-click” hacking campaign linked to the Russian-affiliated cybercrime group RomCom. The operation targets Firefox users and Windows systems across North America and Europe by weaponizing two previously unknown vulnerabilities.
Advanced “Zero-Click” Malware Deployment
The RomCom group, notorious for its ties to Russian state-sponsored cyberattacks, chained two zero-day exploits, one in Firefox and one in Windows, to bypass traditional security measures. By directing victims to a malicious website controlled by the threat actors, the group can remotely install its signature backdoor malware without any user interaction or visible download.
ESET researchers Damien Schaeffer and Romain Dumont highlighted the high level of sophistication in this campaign, noting that the group’s ability to develop stealthy attack methods poses a significant threat to organizations and individuals alike.
Scope and Impact of the Campaign
RomCom has a history of targeting entities allied with Ukraine and recently gained notoriety for a ransomware attack against Japanese tech giant Casio. In this latest widespread campaign, investigators estimate the number of potential victims ranges from isolated cases to as many as 250 targets per country, primarily concentrated in Western regions.
Remediation and Patch Status
Upon discovery, security teams moved quickly to mitigate the threat:
- Firefox: Mozilla released a security patch on October 9, immediately following ESET’s disclosure. While the Tor Browser shares the same codebase, there is currently no evidence suggesting it was compromised in this specific operation.
- Windows: Microsoft issued a fix for the vulnerability on November 12. The bug was initially identified by Google’s Threat Analysis Group, which officially reported the issue to Microsoft. Industry experts suggest the exploit may have been utilized in other government-backed intelligence operations beyond the RomCom campaign.
