Roaring trade in zero-days means more vulns are falling into the hands of state spies, warn security researchers
2020-04-06 18:15

"Furthermore, we noted a significant increase over time in the number of zero-days leveraged by groups suspected to be customers of companies that supply offensive cyber capabilities," said FireEye, which went on to refer to a group of malicious persons variously named by researchers as Stealth Falcon and FruityArmor [sic].

This group "used malware sold by NSO Group", said FireEye, which speculated that it might also be linked to Uzbekistani state spying operations: "The zero-days used in SandCat operations were also used in Stealth Falcon operations, and it is unlikely that these distinct activity sets independently discovered the same three zero-days."

These, it said, were doing their thing "with less frequency than espionage groups", suggesting that you're at greater risk from state spies abusing zero-day vulns to pwn your network than you are from common-or-garden crims trying to ransom your stolen data back to you.

A zero-day is a software vulnerability that has zero days between the time it is discovered and the time that someone is found to be using it for criminal purposes.

Responsible infosec researchers find vulns and then privately tell vendors about them so they can be patched before everyone knows; zero-days, in contrast, are highly prized by malware vendors and state spies alike.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/06/zero_days_popular_state_hackers_fireeye/