RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039

Aspect	Einzelheiten
Threat Actors	RomCom, suspected ties to Russia, also known as Tropical Scorpius, Storm-0978, or UNC2596.
Campaign Overview	Exploited zero-day vulnerabilities (CVE-2024-9680 & CVE-2024-49039) to deploy RomCom backdoor via zero-click exploits.
Target Regions (Or Victims)	Primarily Europe and North America, with up to 250 affected targets between October 10 – November 4, 2024.
Methodology	Fake domains, zero-click exploits, privilege escalation, and stealthy redirection via malicious websites.
Product Targeted	Mozilla Firefox, Thunderbird, Tor browsers, and Microsoft Windows Task Scheduler.
Malware Reference	RomCom backdoor
Tools Used	Fake domains (e.g., redircorrectiv[.]com), Reflective DLL Injection, C2 servers like journalctd[.]live.
Vulnerabilities Exploited	CVE-2024-9680 (Use-After-Free in Firefox), CVE-2024-49039 (Elevation of Privilege in Windows Task Scheduler).
TTPs	Phishing domains, zero-click exploit chain, DLL injection, and system compromise via backdoor.
Attribution	RomCom threat group, suspected Russian ties.
Recommendations	Monitor for IOCs, use SOCRadar’s Vulnerability Intelligence to track CVEs, and implement Brand Protection for domain detection.
Quelle	SOCRadar

Quelle

Kommentar verfassen Kommentieren abbrechen

London, GB

4:30 pm, Apr. 22, 2025

17°C

L: 16° | H: 18°

Fühlt sich an wie 16°C° overcast clouds

Luftfeuchtigkeit: 44 %

Druck: 1016 mb

Wind: 9 mph WSW

Windböe: 0 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 94%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 5:49 am

Sonnenuntergang: 8:07 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

16° | 18°°C 0 mm 0% 11 mph 67 % 1016 mb 0 mm/h

Tomorrow 10:00 pm

8° | 11°°C 1 mm 100% 13 mph 95 % 1018 mb 0 mm/h

Do. Apr. 24 10:00 pm

9° | 15°°C 0.2 mm 20% 6 mph 86 % 1024 mb 0 mm/h

Fr. Apr. 25 10:00 pm

8° | 16°°C 0 mm 0% 8 mph 87 % 1024 mb 0 mm/h

Sa. Apr. 26 10:00 pm

9° | 13°°C 0.6 mm 60% 4 mph 96 % 1024 mb 0 mm/h

Today 7:00 pm

14° | 16°°C 0 mm 0% 11 mph 49 % 1016 mb 0 mm/h

Today 10:00 pm

10° | 12°°C 0 mm 0% 7 mph 67 % 1015 mb 0 mm/h

Tomorrow 1:00 am

10° | 10°°C 0 mm 0% 7 mph 76 % 1013 mb 0 mm/h

Tomorrow 4:00 am

8° | 8°°C 1 mm 100% 10 mph 95 % 1010 mb 0 mm/h

Tomorrow 7:00 am

9° | 9°°C 1 mm 100% 12 mph 94 % 1009 mb 0 mm/h

Tomorrow 10:00 am

8° | 8°°C 1 mm 100% 13 mph 93 % 1010 mb 0 mm/h

Tomorrow 1:00 pm

8° | 8°°C 0.8 mm 80% 10 mph 91 % 1012 mb 0 mm/h

Tomorrow 4:00 pm

11° | 11°°C 0 mm 0% 10 mph 73 % 1014 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€79,442.22	3.50%
Ethereum(ETH)	€1,493.39	5.38%
Fesseln(USDT)	€0.87	0.02%
XRP(XRP)	€1.90	2.61%
Solana(SOL)	€126.31	4.55%
USDC(USDC)	€0.87	0.00%
Dogecoin(DOGE)	€0.150300	6.91%
Shiba Inu(SHIB)	€0.000011	3.76%
Pepe(PEPE)	€0.000008	6.81%

RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns