According to a new Google research, the government hackers were responsible for most of the zero-day exploits used in real-world cyberattacks last year.
According to a Google report, the number of zero-day exploits that mentioned security flaws unknown to software manufacturers at the time of the hacker's abuse fell from 98 exploits in 2023 to 75 exploits in 2024. Government-supported hackers.
Of these 23 exploits, 10 Zero Days were attributed to hackers working directly for the government, including five exploits related to China and five other exploits in North Korea.
Another eight exploits were identified as being developed by spyware manufacturers and surveillance enablers such as NSO groups, which normally claim to only sell to the government. Of the eight exploits created by Spyware Companies, Google also counts bugs that have been exploited recently by Serbian authorities.
Chart showing zero-day exploits caused by 2024 (Image: Google)
Despite the fact that there are eight recorded cases of zero-day developed by the Spyware manufacturer, Clément Leciigne, security engineer at Google's Threat Intelligence Group (GTIG), told TechCrunch that the companies are “investing more resources into operational security so their capabilities aren't ending in the news.”
Google added that surveillance vendors continue to multiply.
“We have seen new vendors arise to provide similar services if a vendor completes its business,” James Sadowkey, principal analyst at GTIG, told TechCrunch. “The industry will continue to grow as long as government customers continue to request and pay for these services.”
The remaining 11 zero-days could have been misused by cybercriminals, including ransomware operators targeting enterprise devices, including VPNs and routers.
The report also found that the majority of the total 75 zero days exploited in 2024 targeted consumer platforms and products such as mobile phones and browsers. The rest was using devices that can be seen on corporate networks.
According to a Google report, the good news is that it's becoming more and more difficult for software manufacturers defending against zero-day attacks to spot bugs.
“We have seen a noticeable decline in the use of zero-days in several historically popular targets, such as browsers and mobile operating systems,” the report states.
Sadowski specifically pointed out Lockdown Mode, a special feature on iOS and MacO that disables certain features with the aim of hardening phones and computers that have a proven track record of stopping government hackers. It also like the Memory Tagging Extension (MTE), a security feature of the latest Google Pixel Chipsets that helps detect certain types of bugs and improve device security.
Reports like Google are valuable because reports like Google provide the industry with data points that contribute to an understanding of how government hackers work.