Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets

November 27, 2024 at 04:22AM
A Russia-linked hacking group, RomCom, has exploited two recent Firefox and Windows zero-day vulnerabilities to install a backdoor on victims’ machines. Mostly targeting entities in North America and Europe, the group employs sophisticated methods requiring no user interaction, highlighting their capacity for stealthy cyber operations. …

‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

November 26, 2024 at 04:44PM
In October, Russian hackers exploited two zero-day vulnerabilities affecting Firefox and Windows, allowing them to deploy malicious code via infected websites. The vulnerabilities were swiftly patched, limiting potential damage, primarily impacting targets in North America and Europe. The attackers utilized fake domains related to IT services to spread the malware. …

Firefox and Windows zero-days exploited by Russian RomCom hackers

November 26, 2024 at 06:28AM
The Russian-based RomCom cybercrime group exploited two zero-day vulnerabilities targeting Firefox and Tor Browser users, allowing remote code execution without user interaction. Their attacks, focusing on organizations in Ukraine, Europe, and North America, utilized a malicious website to deploy the RomCom backdoor, indicating sophisticated capabilities and targeted espionage motives. …

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

November 26, 2024 at 06:18AM
The Russia-aligned group RomCom has exploited two zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows to install their backdoor malware on victim systems without user interaction. The attacks utilize a fake website to redirect users, highlighting RomCom’s advanced capabilities and its history of cybercrime since 2022. …

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

October 17, 2024 at 12:18PM
The Russian threat actor RomCom is linked to recent cyber attacks on Ukrainian government agencies and Polish entities, utilizing a variant of the RomCom RAT called SingleCamper. Targeting espionage, the group employs various malware tools, often starting with spear-phishing tactics, to establish long-term network access and exfiltrate data. Here are …

RomCom Malware Resurfaces With SnipBot Variant

September 24, 2024 at 08:10AM
The RomCom malware, now in its SnipBot variant, has resurfaced, leveraging code-signing certificates for stealth. The cyberespionage threat targets victims through phishing emails, with malicious PDF files or executables. Its evolving obfuscation methods and post-exploitation activities highlight the need for advanced security measures to counter this ongoing threat. The meeting …

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

October 13, 2023 at 03:59AM
Void Rabisu, a threat actor associated with financially motivated ransomware attacks, has shifted its focus to targeted campaigns on Ukraine and countries supporting Ukraine. They have developed a new variant called ROMCOM, which they used in campaigns targeting EU military personnel and political leaders working on gender equality initiatives. The …