Apple Unveils Colorful M4 iMac with Upgraded RAM and AI Features
Apple's new 24-inch iMac with M4 processor, 16GB RAM, and AI-powered features available for preorder, starting at $1,299
Max Carter
Russian-linked hacking group RomCom has been found to be actively exploiting two previously unknown zero-day vulnerabilities in Firefox and Windows, targeting users in Europe and North America. The vulnerabilities, which were uncovered by security researchers at ESET, are being used to create a "zero-click" exploit, allowing hackers to remotely plant malware on a target's computer without any user interaction.
RomCom, a cybercrime group known to carry out cyberattacks and digital intrusions for the Russian government, has a history of aggressive stances against organizations allied with Ukraine, which Russia invaded in 2014. The group was previously linked to a ransomware attack targeting Japanese tech giant Casio last month.
The two bugs are called zero-days because the software makers had no time to roll out fixes before they were used to hack people. RomCom combined them to create the zero-click exploit. This level of sophistication demonstrates the threat actor's capability and intent to develop stealthy attack methods, according to ESET researchers Damien Schaeffer and Romain Dumont.
In order to trigger the zero-click exploit, RomCom's targets would have to visit a malicious website controlled by the hacking group. Once exploited, RomCom's eponymous backdoor would be installed on the victim's computer, allowing broad access to a victim's device. The number of potential victims from RomCom's hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America.
Mozilla patched the vulnerability in Firefox on October 9, a day after ESET alerted the browser maker. The Tor Project, which develops the Tor Browser based on Firefox's codebase, also patched the vulnerability, though Schaeffer told TechCrunch that ESET has seen no evidence that the Tor Browser was exploited during this hacking campaign.
Microsoft patched the vulnerability affecting Windows on November 12. Security researchers with Google's Threat Analysis Group, which investigates government-backed cyberattacks and threats, reported the bug to Microsoft, suggesting that the exploit may have been used in other government-backed hacking campaigns.
The discovery of these zero-day vulnerabilities highlights the ongoing cat-and-mouse game between cybercriminals and security researchers. As hacking groups continue to develop more sophisticated attack methods, it is essential for software makers and security firms to stay one step ahead in identifying and patching vulnerabilities.
The implications of this hacking campaign are far-reaching, with potential victims across Europe and North America. It is crucial for users to ensure they are running the latest versions of Firefox and Windows, and for organizations to remain vigilant in detecting and responding to cyber threats.
In the broader context, this hacking campaign serves as a reminder of the ongoing cyberwarfare between nation-states and the importance of cybersecurity in protecting individuals and organizations. As the cybersecurity landscape continues to evolve, it is essential for governments, software makers, and security firms to work together to stay ahead and protect users from the ever-growing threat of cyberattacks.
Copyright © 2024 Starfolk. All rights reserved.