Security News > 2023 > March > From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple.
Of the 55 zero-day bugs, 13 are estimated to have been abused by cyber espionage groups, with four others exploited by financially motivated threat actors for ransomware-related operations.
The disclosure comes as threat actors are also getting better at turning newly disclosed vulnerabilities into powerful exploits for breaching a wide range of targets across the world.
"While the discovery of zero-day vulnerabilities is a resource-intensive endeavor and successful exploitation is not guaranteed, the total number of vulnerabilities disclosed and exploited has continued to grow, the types of targeted software, including Internet of Things devices and cloud solutions, continue to evolve, and the variety of actors exploiting them has expanded," Mandiant said.
The Mandiant report also follows a warning from Microsoft's Digital Threat Analysis Center about Russia's persistent kinetic and cyber targeting as the war in Ukraine continues into the second year.
Other key traits associated with Russian threat activity include the use of ransomware as weapons of cyber sabotage, gaining initial access through diverse methods, and leveraging real and pseudo hacktivist groups to expand the reach of Moscow's cyber presence.
News URL
https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html
Related news
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
- South Korean Citizen Detained in Russia on Cyber Espionage Charges (source)
- U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation (source)
- Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)