Security News > 2021 > November > Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have.
If it takes too long, developers may lose the chance to make big money because competitors may come up with an exploit variant, dragging down the price.
For this reason, cybercriminals are now discussing an "Exploit-as-a-service" solution that would allow exploit developers to rent out a zero-day exploit to multiple parties.
High-rollers: threat actors that sell and buy zero-day exploits for prices starting from $1,000,000, with wallets that may be sponsored by a nation-state or successful entrepreneurs.
General merchants: sellers that trade less-critical vulnerabilities, exploit kits, and databases with info of companies with unpatched vulnerabilities.
Code communicators: actors that share and advertise PoC exploit code on GitHub.
News URL
Related news
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)