Suche
Beiträge, die mit backdoor getaggt sind
Firefox & Windows Zero-Days exploited by Russian RomCom Threat Actor’s.
IT-security researchers at ESET have exposed a malicious campaign by the Russia-linked RomCom group, which combined two previously unknown (zero-day) vulnerabilities to compromise targeted systems including Windows and Firefox.
https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/
#firefox #windows #zerodays #backdoor #it #security #privacy #engineer #media #tech #news
![[ImageSource: ESET]
RomCom Victims Heatmap
ESET’s investigation shows that RomCom targeted various sectors, including government entities in Ukraine, the pharmaceutical industry in the US and the legal sector in Germany, for both espionage and cybercrime purposes. The group, also known as Storm-0978, Tropical Scorpius or UNC2596, is known for both opportunistic attacks and targeted espionage.
From October 10th to November 4th, ESET’s data showed that users visiting these malicious websites were primarily located in Europe and North America, with the number of victims ranging from one to as many as 250 in some countries.](https://friendica-leipzig.de/photo/preview/600/314593 "[ImageSource: ESET]
RomCom Victims Heatmap
ESET’s investigation shows that RomCom targeted various sectors, including government entities in Ukraine, the pharmaceutical industry in the US and the legal sector in Germany, for both espionage and cybercrime purposes. The group, also known as Storm-0978, Tropical Scorpius or UNC2596, is known for both opportunistic attacks and targeted espionage.
From October 10th to November 4th, ESET’s data showed that users visiting these malicious websites were primarily located in Europe and North America, with the number of victims ranging from one to as many as 250 in some countries.")
![[ImageSource: ESET]
RomCom Attack Flow
The exploit chain worked by first redirecting users to fake websites, which used domains designed to appear legitimate and included the names of other organizations, before sending them to a server hosting the exploit code.
These fake sites often used the prefix or suffix “redir” or “red” to a legitimate domain, and the redirection at the end of the attack took the victims to the legitimate website, hiding the attack. Once the exploit successfully ran, it installed RomCom’s custom backdoor, giving the attackers remote access and control over the infected machine.
"The compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor," said ESET researcher Damien Schaeffer.](https://friendica-leipzig.de/photo/preview/600/314595 "[ImageSource: ESET]
RomCom Attack Flow
The exploit chain worked by first redirecting users to fake websites, which used domains designed to appear legitimate and included the names of other organizations, before sending them to a server hosting the exploit code.
These fake sites often used the prefix or suffix “redir” or “red” to a legitimate domain, and the redirection at the end of the attack took the victims to the legitimate website, hiding the attack. Once the exploit successfully ran, it installed RomCom’s custom backdoor, giving the attackers remote access and control over the infected machine.
\"The compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor,\" said ESET researcher Damien Schaeffer.")
IT-security researchers at ESET have exposed a malicious campaign by the Russia-linked RomCom group, which combined two previously unknown (zero-day) vulnerabilities to compromise targeted systems including Windows and Firefox.
https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/
#firefox #windows #zerodays #backdoor #it #security #privacy #engineer #media #tech #news
![[ImageSource: ESET]
RomCom Victims Heatmap
ESET’s investigation shows that RomCom targeted various sectors, including government entities in Ukraine, the pharmaceutical industry in the US and the legal sector in Germany, for both espionage and cybercrime purposes. The group, also known as Storm-0978, Tropical Scorpius or UNC2596, is known for both opportunistic attacks and targeted espionage.
From October 10th to November 4th, ESET’s data showed that users visiting these malicious websites were primarily located in Europe and North America, with the number of victims ranging from one to as many as 250 in some countries.](https://nerdculture.de/system/media_attachments/files/113/566/540/454/526/125/original/a38df4b9fc8e27b0.png "[ImageSource: ESET]
RomCom Victims Heatmap
ESET’s investigation shows that RomCom targeted various sectors, including government entities in Ukraine, the pharmaceutical industry in the US and the legal sector in Germany, for both espionage and cybercrime purposes. The group, also known as Storm-0978, Tropical Scorpius or UNC2596, is known for both opportunistic attacks and targeted espionage.
From October 10th to November 4th, ESET’s data showed that users visiting these malicious websites were primarily located in Europe and North America, with the number of victims ranging from one to as many as 250 in some countries.")
![[ImageSource: ESET]
RomCom Attack Flow
The exploit chain worked by first redirecting users to fake websites, which used domains designed to appear legitimate and included the names of other organizations, before sending them to a server hosting the exploit code.
These fake sites often used the prefix or suffix “redir” or “red” to a legitimate domain, and the redirection at the end of the attack took the victims to the legitimate website, hiding the attack. Once the exploit successfully ran, it installed RomCom’s custom backdoor, giving the attackers remote access and control over the infected machine.
"The compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor," said ESET researcher Damien Schaeffer.](https://nerdculture.de/system/media_attachments/files/113/566/541/026/775/880/original/526a5abb2bd31355.png "[ImageSource: ESET]
RomCom Attack Flow
The exploit chain worked by first redirecting users to fake websites, which used domains designed to appear legitimate and included the names of other organizations, before sending them to a server hosting the exploit code.
These fake sites often used the prefix or suffix “redir” or “red” to a legitimate domain, and the redirection at the end of the attack took the victims to the legitimate website, hiding the attack. Once the exploit successfully ran, it installed RomCom’s custom backdoor, giving the attackers remote access and control over the infected machine.
\"The compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor,\" said ESET researcher Damien Schaeffer.")
RomCom exploits Firefox and Windows zero days in the wild
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.www.welivesecurity.com
Cybercriminals exploit #ProjectSend flaw to #backdoor exposed servers
https://www.bleepingcomputer.com/news/security/hackers-exploit-projectsend-flaw-to-backdoor-exposed-servers/
#cybersecurity
https://www.bleepingcomputer.com/news/security/hackers-exploit-projectsend-flaw-to-backdoor-exposed-servers/
#cybersecurity