RomCom Backdoor Attacks Use Zero-Day Exploits in Mozilla and Windows (CVE-2024-9680 & CVE-2024-49039)

| Aspect | Details |
| --- | --- |
| Threat Actors | RomCom, suspected ties to Russia, also known as Tropical Scorpius, Storm-0978, or UNC2596. |
| Campaign Overview | Exploited zero-day vulnerabilities (CVE-2024-9680 & CVE-2024-49039) to deploy RomCom backdoor via zero-click exploits. |
| Target Regions (or Victims) | Primarily Europe and North America, with up to 250 affected targets between October 10 – November 4, 2024. |
| Methodology | Fake domains, zero-click exploits, privilege escalation, and stealthy redirection via malicious websites. |
| Product Targeted | Mozilla Firefox, Thunderbird, Tor browsers, and Microsoft Windows Task Scheduler. |
| Malware Reference | RomCom backdoor |
| Tools Used | Fake domains (e.g., redircorrectiv[.]com), Reflective DLL Injection, C2 servers like journalctd[.]live. |
| Vulnerabilities Exploited | CVE-2024-9680 (Use-After-Free in Firefox), CVE-2024-49039 (Elevation of Privilege in Windows Task Scheduler). |
| TTPs | Phishing domains, zero-click exploit chain, DLL injection, and system compromise via backdoor. |
| Attribution | RomCom threat group, suspected Russian ties. |
| Recommendations | Monitor for IOCs, use SOCRadar’s Vulnerability Intelligence to track CVEs, and implement Brand Protection for domain detection. |
| Source | SOCRadar |
