A recent report from Google’s Threat Intelligence Group (GTIG) reveals that state-sponsored hackers were responsible for the majority of attributed zero-day exploits in 2024.
Out of 75 zero-day vulnerabilities identified as exploited in the wild, at least 23 were linked to government-backed actors. Among these, five exploits were attributed to China and another five to North Korea.
Zero-day vulnerabilities are security flaws unknown to software vendors at the time they are exploited. While the total number of such exploits decreased from 98 in 2023 to 75 in 2024, the proportion attributed to state-sponsored groups remains significant.
The report also highlights the role of commercial surveillance vendors in the proliferation of zero-day exploits. Eight of the identified exploits were developed by such vendors, including companies like NSO Group and Cellebrite, which typically sell their tools to government agencies.
GTIG notes a shift in targeting strategies, with 44% of zero-day exploits in 2024 aimed at enterprise products, particularly security and networking software. This marks an increase from 37% in 2023, indicating a growing focus on enterprise technologies by threat actors.
Despite the decrease in total zero-day exploits, Google warns that the overall trend shows a gradual increase in such attacks over time. The report emphasizes the need for continued vigilance and improved security measures to counteract the evolving threat landscape.
Source: Google Cloud