Hackers working for governments were responsible for the majority of zero-day exploits used in real-world cyberattacks last year, according to new research from Google.
Google’s report said the number of zero-day exploits (security flaws that were unknown to the software makers at the time hackers abused them) had fallen from 98 exploits in 2023 to 75 exploits in 2024.
Among these 23 exploits, 10 zero-days were attributed to hackers working directly for governments, including five exploits linked to China and another five to North Korea.
Another eight exploits were identified as having been developed by spyware makers and surveillance vendors, such as NSO Group, which typically claim to sell only to governments. Among these eight exploits made by spyware companies, Google also counts bugs recently exploited by Serbian authorities using Cellebrite phone devices.
Although there were eight recorded cases of zero-days developed by spyware makers, Clément Lecigne, a security engineer at Google Threat Intelligence Group (GTIG), told TechCrunch that these companies “invest more resources in business security to prevent their capabilities from being exposed and not exposed.”
Google added that surveillance vendors continue to proliferate.
“In cases where law enforcement or public disclosure have pushed suppliers out of business, we have seen new suppliers emerge to provide similar services,” James Sadowski, a GTIG analyst, told TechCrunch. “As long as government customers continue to demand and pay for these services, the industry will continue to grow.”
The remaining 11 zero-days were probably exploited by cybercriminals, such as ransomware operators targeting enterprise devices, including VPNs and routers.
The report also found that the majority of the total 75 zero-days exploited during 2024 targeted consumer platforms and products, such as phones and browsers, while the rest exploited devices that are usually found on corporate networks.
The good news, according to Google’s report, is that software makers defending against zero-day attacks are making it more and more difficult for exploit makers to find bugs.
“We are seeing remarkable reductions in zero-day exploitation of some historically popular targets, such as browsers and mobile operating systems,” according to the report.
Sadowski specifically highlighted Lockdown Mode, a special feature for iOS and macOS that disables certain functionality with the aim of hardening phones and computers and has a proven track record of stopping government hackers, as well as Memory Tagging Extension (MTE), a security feature of modern Google Pixel chipsets that helps detect certain types of bugs and improve device security.
Reports like Google’s are valuable because they give the industry, and observers, data that contributes to our understanding of how government hackers work, even if an inherent challenge with counting zero-days is that, by nature, some of them are not detected.
