Damien Schaeffer
Damien works as a Senior Malware Researcher at ESET, where he has specialized in targeted attack research. With a primary focus on APT, his main duties include hunting and reverse engineering the latest threats. He holds an M.Sc. in Computer Science and previously worked in incident response, cyber threat intelligence, and malware analysis.
Session
Last year, the Russia-aligned group RomCom used a zero-click exploit combining vulnerabilities in Mozilla and Microsoft products. This exploit allowed them to compromise computers without user interaction. The attack involved a fake website that led to the execution of RomCom's backdoor.
The first part of the exploit targeted Firefox and Tor Browser, using a bug to run code. The second part involved a Windows vulnerability that allowed RomCom to gain higher privileges and deploy their backdoor. Microsoft and Mozilla quickly patched the issues.
RomCom's use of these vulnerabilities shows their advanced capabilities. This presentation covers RomCom's tactics, the attack chain, and the technical details of the exploits, along with the fixes from Mozilla and Microsoft.