Press Release

Comment on RomCom Zero-Day Exploit Chain: Satnam Narang, Senior Staff Research Engineer, Tenable

“The RomCom (also known as Storm-0978) group’s recent use of an exploit chain that included a Firefox zero day (CVE-2024-9680) and a Microsoft Windows privilege escalation zero day (CVE-2024-49039) shows the sheer determination of threat actors, while simultaneously highlighting how difficult it has become for threat actors to breach browser defenses. With the adoption of sandbox technology in modern browsers, threat actors need to do more than just exploit a browser vulnerability alone. By combining a browser-based exploit along with a privilege escalation flaw, the RomCom threat actor was able to bypass the Firefox sandbox. Interestingly enough, while this exploit chain was discovered by researchers at ESET, researchers at Google’s Threat Analysis Group were also credited with discovering the Windows privilege escalation zero-day, though it is unclear if they observed it as part of a separate exploit chain involving Google Chrome versus Mozilla Firefox.” — Satnam Narang, Senior Staff Research Engineer, Tenable