Security News > 2024 > March > Google: Spyware vendors behind 50% of zero-days exploited in 2023
Google's Threat Analysis Group and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.
Among these, the FIN11 threat group exploited three separate zero-day vulnerabilities, while at least four ransomware groups exploited another four zero-days.
In 2023, commercial surveillance vendors were behind most zero-day exploits targeting Google products and Android ecosystem devices.
These vendors were linked to 48 zero-day exploits exploited in attacks last year, amounting to roughly 50% of all such flaws used in the wild in 2023.
Lastly, of the 37 zero-day vulnerabilities in browsers and mobile devices exploited in 2023, Google linked over 60% to CSVs that sell spyware capabilities to government customers.
Google says spyware vendors behind most zero-days it discovers.
News URL
Related news
- Miscreants are exploiting enterprise tech zero days more and more, Google warns (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Zero-day exploitation surged in 2023, Google finds (source)
- Google fixes two Pixel zero-day flaws exploited by forensics firms (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)