Google says government hackers are leading the use of zero-days

According to new Google research, most of the zero-day vulnerabilities used in real-world cyber attacks were attributed to government-backed hackers.

Google's report said the number of zero-day exploits (security flaws that were unknown to the software makers at the time hackers abused them) dropped from 98 in 2023 to 75 in 2024.

Of these 23 exploits, 10 zero-days were attributed to hackers working directly for governments, including five exploits linked to China and five linked to North Korea.

Another eight exploits were identified as having been developed by spyware makers and surveillance enablers such as NSO Group, which typically claim to sell only to governments. Among those eight exploits made by spyware companies, Google also counted the bugs recently exploited by Serbian authorities to unlock devices.

A chart shows the zero-day exploitation attributed in 2024: 34 attributed zero-days, including 10 attributed to state-sponsored espionage (5 to China and 5 to North Korea) and 8 others attributed to commercial surveillance vendors. (Image: Google)

Despite the eight zero-day cases developed by spyware makers, Clément Lecigne, a security engineer at Google's Threat Intelligence Group (GTIG), told TechCrunch that the companies “are investing in more operational security to prevent their capabilities from investing in their capabilities and will not stand out in the news.”

Google added that surveillance vendors continue to proliferate.

“We have seen new vendors emerge to offer similar services in the event of law enforcement actions or public disclosures that shut down suppliers,” GTIG’s chief analyst James Sadowski told TechCrunch. “The industry will continue to grow as long as government customers continue to demand and pay for these services.”

The remaining 11 attributed zero-days may have been exploited by cybercriminals, such as ransomware operators targeting enterprise devices, including VPNs and routers.

The report also found that most of the 75 zero-days exploited in 2024 targeted consumer platforms and products, such as phones and browsers. The rest targeted devices that are usually found on corporate networks.

According to Google's report, the good news is that software makers defending against zero-day attacks are increasingly making it harder for exploit developers to find bugs.

According to the report, “We are seeing a significant drop in zero-day development volume for some historically popular targets such as browsers and mobile operating systems.”

Sadowski specifically pointed to Lockdown Mode, a special feature of iOS and macOS that disables certain functionality with the goal of hardening phones and computers, and which has a reliable track record of stopping government hackers; and the Memory Tagging Extension (MTE), a security feature of modern Google Pixel chipsets that helps detect certain types of bugs and improve device security.

Reports like Google's are valuable because they give the industry and observers data points that contribute to our understanding of how government hackers operate, even if the inherent challenge with counting zero-days is that, by nature, some of them go undiscovered, and some of those that are discovered remain unattributed.