Google: Govt Hackers Lead Zero-Day Attacks in 2024

Majority of Zero-Day Attacks Attributed to Government-backed Hackers, Google Report Shows

Google research has established that last year, most of the zero-day exploits that could be attributed were the work of hackers working for governments. According to TechCrunch, the number of zero-day vulnerabilities Google tracked fell from 98 in 2023 to 74 in 2024. However, the 2024 figure was still higher than the 63 identified in 2022.

A zero-day attack is a form of cyberattack that focuses on a software vulnerability that is not known to the product or software maker. Since the vulnerability is not known, there isn’t a patch available to fix it at the time of exploitation.

Hackers leverage unknown vulnerabilities to gain unauthorized access to computer systems, disrupting them and stealing data before defenses are in place. Although Google’s threat analysis report showed a drop in these attacks, it noted that at least 23 of the zero-day exploits identified were linked to government hackers.

Of these government-backed zero-day attacks, 10 were linked to hackers working directly for the government. Google found that non-espionage groups like CIGAR and FIN11 were leveraging zero-day vulnerabilities in campaigns that focused on espionage and extortion. For the first time, state-backed hackers from North Korea matched those from China, with each having 5 zero-day attacks attributed to them.

Growing Spyware Threat

Google’s cyberattack threat report also identified 8 vulnerabilities that were created by spyware designers and surveillance facilitators like the NSO Group. Among these, Google included bugs that the Serbian authorities exploited through phone-unlocking devices.

Google says that spyware companies are spending more on operational security to protect their capabilities and keep them out of the news. Google also said that the number of surveillance vendors is increasing rapidly.

“In instances where law enforcement action or public disclosure has pushed vendors out of business, we’ve seen new vendors arise to provide similar services. As long as government customers continue to request and pay for these services, the industry will continue to grow,” Principal Analyst at Google’s Threat Intelligence Group (GTIG) James Sadowski said.

Targeting Enterprise

In its report, Google isolated 11 zero-day attacks that targeted enterprise devices like routers and VPNs. The report linked these attacks to cybercriminals like ransomware operators. Hackers are attracted to security and networking appliances because they provide wide access to networks. Monitoring capabilities on these appliances are also weaker.

Google also found that last year, the majority of the zero-day vulnerabilities were directed at consumer products and platforms like browsers and phones. The rest targeted corporate networks.

“We’re seeing zero-day exploitation shift towards enterprise-focused products, which requires a wider and more diverse set of vendors to increase proactive security measures. The future of zero-day exploitation will ultimately be dictated by vendors’ decisions and ability to counter threat actors’ objectives and pursuits,” Casey Charrier, Senior Analyst at GTIG, said in a statement.

The Good News

The latest zero-day attacks report came with some good news. Google noted that software manufacturers are building defenses against these types of attacks. These defenses are making it more difficult for hackers to find bugs and are empowering customers to build cyber resilience.

“We are seeing notable decreases in zero-day exploitation of some historically popular targets such as browsers and mobile operating systems,” the report stated.

Examples highlighted by Sadowski included Lockdown Mode, an iOS and macOS feature that disables specific functionalities to harden devices. This feature has been successful at stopping government hackers. Google Pixel’s Memory Tagging Extension is another security feature that detects specific bugs and boosts device security.

“Zero-day exploitation continues to grow at a slow but steady pace. However, we’ve also started seeing vendors’ work to mitigate zero-day exploitation start to pay off,” Charrier added.

James Hughes