
Of the 55 zero-day vulnerabilities exploited in the wild in 2022, most were found in software from Microsoft, Google, and Apple.
While this figure represents a drop from the year before, when a staggering 81 zero-days were weaponized, it still reflects a significant increase over recent years in the number of threat actors taking advantage of previously unknown security flaws.
The findings, from threat intelligence firm Mandiant, show that desktop operating systems (19), web browsers (11), IT and network management products (10), and mobile operating systems (6) were the most exploited product types.
Of the 55 zero-day bugs, 13 are estimated to have been exploited by cyber espionage groups, and four others by financially motivated attackers in ransomware-related operations. Commercial spyware vendors were linked to the exploitation of three zero-days.
Among state-sponsored groups, China-attributed actors were the most prolific, exploiting seven zero-days throughout the year: CVE-2022-24682, CVE-2022-1040, CVE-2022-30190, CVE-2022-26134, CVE-2022-42475, CVE-2022-27518, and CVE-2022-41328.
Many of these exploits targeted vulnerabilities in edge network devices such as firewalls to gain initial access. Various China-linked clusters were also observed leveraging the Microsoft Support Diagnostic Tool (MSDT) flaw, aka Follina (CVE-2022-30190), as part of separate campaigns.
“Multiple separate campaigns may indicate that the zero-day was distributed to multiple suspected Chinese espionage clusters via a digital quartermaster,” Mandiant said, adding that this points to “shared development and logistics infrastructure and possibly the presence of a centralized coordinating entity.”

Meanwhile, North Korean and Russian actors each exploited two zero-days between them: CVE-2022-0609, CVE-2022-41128, CVE-2022-30190, and CVE-2023-23397.
The disclosure comes as threat actors continue to turn newly disclosed vulnerabilities into working exploits to reach targets around the world.
“While the discovery of zero-day vulnerabilities is a resource-intensive endeavor and successful exploitation is not guaranteed, the total count of vulnerabilities disclosed and exploited continues to grow, and the Internet of Things (IoT) devices and cloud solutions continue to evolve, expanding the range of actors that abuse them,” Mandiant said.
Mandiant’s report also follows warnings from Microsoft’s Digital Threat Analysis Center about Russia’s relentless kinetic and cyber targeting as the war in Ukraine enters its second year.
Since January 2023, the tech giant said, “Russian cyber threat activity has been coordinated to increase its destructive and intelligence-gathering capabilities against the civilian and military assets of Ukraine and its partners.”

It also warned of the possibility of a “new destructive campaign” launched by a nation-state group known as Sandworm (aka Iridium) against organizations in Ukraine and elsewhere.
Additionally, Moscow-backed hackers have deployed at least two ransomware families and nine wiper families against more than 100 Ukrainian organizations. At least 17 European countries were targeted in its espionage campaigns between January 2023 and mid-February, and 74 countries have been targeted since the start of the war.
Other key trends associated with Russian threat activity include the weaponization of ransomware as a tool for cyber sabotage, the use of diverse methods to gain initial access, and the leveraging of real and fake hacktivist groups to expand the reach of its cyber presence.