Government Hackers Behind Most 2024 Zero-Day Attacks, Google Flags 23 State-Sponsored Cases, 8 Spyware-Based

A new study by Google sheds light on hackers working for governments and how they were responsible for most of the attributed zero-day exploits carried out in 2024.

The report sheds light on the growing number of security flaws that were unknown to software makers at the time hackers were silently abusing them. In 2023, the figure for such attacks fell from 98 to 75. Of the zero-days that Google could attribute, meaning those where it could identify the hackers responsible for the exploitation, nearly 23 were directly tied to government-backed hackers.

These hackers had direct ties to governments, and many were linked to China and North Korea. Another eight of these exploits were created by spyware makers and surveillance enablers, like the NSO Group, which is known for selling only to government authorities. Among the eight exploits produced by spyware firms, Google counts bugs that were recently exploited by authorities in Serbia using software like Cellebrite to unlock phones.

Despite these cases being recorded, a top Google security engineer shared how such firms continue to invest more resources in operational security to keep their capabilities from being exposed and from showing up in the media.




Google mentioned how surveillance vendors keep proliferating. In cases where law enforcement action pushed vendors out of business, it saw new vendors pop up to provide similar offerings. As long as government clients keep requesting and paying for this, the industry will keep growing.

The other 11 attacks were most likely related to cybercriminals who targeted enterprise products such as routers and VPNs. The report also found that most of the zero-days exploited in this period were aimed at client platforms and products, such as smartphones or browsers. The others exploited products linked to corporate networks.

The good news, as per Google’s report, is that software makers are defending against zero-day attacks, and finding bugs continues to get harder for exploit makers. The report notes major falls in zero-day exploits of historically popular targets like mobile systems and browsers.

Lockdown Mode, a special feature found on Apple devices, is designed to stop government hackers from attacking phones and macOS. Another feature, Memory Tagging Extension, is part of modern Google Pixel chips and helps detect specific kinds of bugs to improve device security.

These kinds of alarming reports are valuable because they give the industry and observers points worth noting. They contribute to a better understanding of how these hackers work, even if the internal challenge remains undetected.
