According to Google’s new Project Zero research, 2024 saw one of the most alarming trends in cyberattacks — a record 75 zero-day vulnerabilities were exploited in the wild that year. As the report details, government-affiliated hackers were central to these exploits, especially in their targeting of consumer platforms and products.
The data shows that of the 75 exploits, a striking 34 were publicly attributed to strategic actors. Of these, at least 10 of the zero-day exploits were specifically attributed to hackers working on behalf of state governments. Remarkably, five of these zero-day exploits were linked to the nation-state hackers of China, while another five were linked to hackers from North Korea. These results highlight just how deliberate and well-resourced government-sponsored cyber operations can be.
In addition to state-sponsored activity, the report attributes eight zero-day exploits to commercial surveillance vendors, including notable companies like the NSO Group. These vendors often claim that they cater exclusively to government customers, yet their products have been associated with several high-profile cyber incidents. Google’s analysis includes instances where Serbian authorities used Cellebrite phone-unlocking devices that exploited zero-day vulnerabilities, highlighting the intersection of law enforcement and surveillance technology.
Perhaps unsurprisingly, the report highlights a change in the zero-day exploitation landscape. Google observes that there have been “notable decreases in zero-day exploitation of some historically popular targets such as browsers and mobile operating systems.” This is indicative of a larger trend in which hackers are expanding their reach past conventional social media platforms.
Clément Lecigne @clémentlecinc is a security engineer at Google’s Threat Intelligence Group (GTIG). In his talk he focused on government hackers increasing their spending on operational security practices, also known as opsec.
“They are investing more resources in operational security to prevent their capabilities being exposed and to not end up in the news.” – Clément Lecigne
Beyond that, the report covers the remaining 11 attributed zero-days, which were probably used by cybercriminals such as ransomware operators. This is a departure from the FBI’s previous assertion that government entities are the biggest players in cyberattacks, yet the threat from independent cybercriminals remains far-reaching.
In response to these threats, companies such as Apple and Google are taking the initiative with cutting-edge security measures. In Apple’s case, Lockdown Mode has proven effective at preventing government-sponsored attacks. James Sadowski, principal analyst at GTIG, discussed how his company is working to make devices more secure by design. He praised Google’s new Memory Tagging Extension (MTE), which finds certain classes of bugs.
“In instances where law enforcement action or public disclosure has pushed vendors out of business, we’ve seen new vendors arise to provide similar services.” – James Sadowski