Government hackers are leading the use of attributed zero-days, Google says

Summary

Hackers working for governments were responsible for the majority of attributed zero-day exploits used in real-world cyberattacks last year, per new research from Google. Google’s report said that the number of zero-day exploits — referring to security flaws that were unknown to the software makers at the time hackers abused them — had dropped from 98 exploits in 2023 to 75 exploits in 2024. But the report noted that of the proportion of zero-days that Google could attribute — meaning identifying the hackers who were responsible for exploiting them — at least 23 zero-day exploits were linked to government-backed hackers. Among those 23 exploits, 10 zero-days were attributed to hackers working directly for governments, including five exploits linked to China and another five to North Korea. Another eight exploits were identified as having been developed by spyware makers and surveillance enablers, such as NSO Group, which typically claim to only sell to governments. Among those eight exploits made by spyware companies, Google is also counting bugs that were recently exploited by Serbian authorities using Cellebrite phone-unlocking devices. A chart showing the zero-day exploits that were attributed in 2024. (Image: Google) Despite the fact that there were eight recorded cases of zero-days developed by spyware makers, Clément Lecigne, a security engineer at Google’s Threat Intelligence Group (GTIG), told TechCrunch that those companies “are investing more resources in operational security to prevent their capabilities being exposed and to not end up in the news.” Google added that surveillance vendors continue to proliferate. “In instances where law enforcement action or public disclosure has pushed vendors out of business, we’ve seen new vendors arise to provide similar services,” James Sadowski, a principal analyst at GTIG, told TechCrunch. “As long as government customers continue to request and pay for these services, the industry will continue to grow.” The remain...