Recent research from Google has revealed that government-affiliated hackers were implicated in the majority of zero-day exploits used in cyberattacks throughout 2024. A zero-day exploit targets a security flaw that the software's developers did not know about at the time it was exploited. Google’s findings indicate a decrease in zero-day exploits: from 98 in 2023 to 75 in 2024. Importantly, of the exploits that Google successfully attributed, at least 23 were linked to state-sponsored actors.
Among these 23 identified exploits, 10 were traced back to government operatives, with half attributed to hackers from China and the other half to those from North Korea. Additionally, eight of the exploits were associated with private spyware vendors, like the NSO Group, known for their surveillance products typically marketed to government agencies. This category also included vulnerabilities exploited by Serbian authorities using Cellebrite devices designed for unlocking phones.
A security engineer from Google’s Threat Intelligence Group (GTIG), Clément Lecigne, highlighted that as spyware companies enhance their operational security to align with evolving threats, they become less exposed and scandal-prone. The landscape remains fluid, with new vendors stepping in to fill the void left when others face legal or public scrutiny, as noted by James Sadowski from GTIG. This vendor proliferation persists as long as there is a steady demand from government clients.
The report also indicated that cybercriminals, particularly ransomware groups targeting corporate infrastructure—such as VPNs and routers—were behind the remaining 11 exploits. Notably, most of the 75 zero-days focussed on consumer technologies and platforms, including mobile phones and web browsers, rather than solely targeting corporate devices.
On a positive note, there are promising enhancements in the resilience of software against zero-day vulnerabilities. Google reported a marked improvement in the security measures employed by software developers, making it progressively challenging for hackers to identify exploitable flaws. Innovations like Lockdown Mode, which strengthens security on iOS and macOS devices, and Google’s Memory Tagging Extension (MTE) for its Pixel chipsets are yielding benefits in this regard, as they help mitigate the risks posed by government hackers.
The insights from Google’s report remain crucial for the broader cybersecurity landscape, providing a clearer picture of state-sponsored hacking activities. While the inherent complexity of identifying zero-day exploits remains—due to the stealthy nature of these threats and the challenge of attribution—such reports are essential for refining industry strategies against these persistent threats.


