Google's Threat Analysis Group and Mandiant have confirmed that there were 97 zero-day vulnerabilities observed in the wild in the past year, marking a 50% increase compared to the previous year. Out of these, 29 were discovered by Google's security researchers. The People's Republic of China was identified as responsible for exploiting 12 zero-day vulnerabilities in 2023, up from seven in 2022.
Zero-day vulnerabilities are flaws that threat actors discover before the vendor becomes aware of them. Google's Threat Analysis Group (TAG), a team of security researchers, focuses on countering government-backed hacking and attacks, with a significant emphasis on discovering zero-days.
Google's recently published zero-day report for 2023, compiled from TAG and Mandiant data, sheds light on the zero-day landscape. Notably, 48 of the 58 zero-days with an attributed motivation were linked to espionage groups, while the remaining 10 were financially motivated.
Highlights from the report include more zero-day exploits targeting Safari than Chrome, with iOS and Android almost equally targeted. The majority of zero-days targeted end-user platforms, while enterprise-specific zero-day exploitation saw a 64% increase from the previous year.
Despite the concerning trend of zero-day exploitation by PRC actors, Google notes that vendors such as Apple, Google, and Microsoft have made significant investments that affect the types and number of zero-days attackers can exploit. PRC cyber-espionage groups are noted for investing resources in zero-day vulnerability research, particularly in security, networking, and virtualization software.
The 12 zero-days exploited by PRC actors in 2023 exceeded the combined total attributed to Russian, Belarusian, and North Korean actors. The report also attributed 24 zero-day exploits to commercial surveillance vendors, whose tools are used by government customers, a figure that surpassed the PRC's exploitation in 2023.