The computer pirates who work for governments were responsible for most zero exploits attributed used in cyber attacks in the real world last year, for a new Google investigation.
Google’s report said the number of zero day exploits that referred to security defects that were unknown to software manufacturers at the time the computer pirates abused them, had fallen from 98 exploits in 2023 to 75 exploits in 2024. That is, identify computer pirates who were responsible for exploiting them, at least 23 exploits of zero day backed by the government.
Among those 23 exploits, 10 zero days were attributed to computer pirates who work directly for governments, including five exploits linked to China and another five to North Korea.
Eight other exploits were identified as developed by spyware manufacturers and surveillance facilitators, such as the NSO group, which generally claim to sell only to governments. Among these eight exploits conducted by Spyware companies, Google also had errors that were recently exploited by the Serbian authorities that use Cellebrite telephone countless devices.
Despite the fact that there were eight registered cases of zero days developed by Spyware manufacturers, Clément Lecigne, a security engineer from the Google threat intelligence group (GTIG), told TechCrunch that these companies “are investing more resources in operational security to prevent their abilities from being exposed and not ended in the news.”
Google added that continuous surveillance providers to proliferate.
“In cases where the action of application of the law or public dissemination have expelled suppliers of the business, we have seen new suppliers arise to provide similar services,” James Sadowski, a GTIT main analyst, told TechCrunch. “While government customs continually request and pay these services, the industry continues to grow.”
The remaining zero days were probably operated by cybercriminals, such as ransomware operators aimed at business devices, including VPNs and routines.
The report also found that the majority of the total of 75 zero days exploited the duration 2024 was aimed at platforms and products of consumers, such as telephones and browsers; While the rest exploded devices typically found in corporate networks.
The good news, according to Google’s report, is that software creators who defend against zero day attacks are making it easier for exploitation manufacturers to find errors.
“We are seeing notable decreases in zero day exploitation of some historical popular objectives, such as browsers and mobile operating systems,” according to the report.
Sadowski specifically pointed to the blocking mode, a special characteristic for iOS and macOS that deactivates some functionality with the aim of hardening cell phones and computers, which has a proven history of stopping the computer pirates; In addition to the memory labeling extension (MTE), a safety function or modern Google Pixel chips that helps detect certain types of errors and improve device safety.
Reports such as Google are valuable because they give the industry and observers, data points that contribute to our understanding of how government computer pirates operate, even if an inherent challenge when counting zero days is that, by nature, some of them are not detected, and of which they are detected, some are not yet attributed.
