Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant

Mandiant, owned by Google, recently performed a study on the zero-day vulnerabilities that were revealed in 2022. The results showed that more than twelve of these vulnerabilities were exploited in attacks believed to be orchestrated by cyberespionage organizations.

The cybersecurity community has not yet agreed on a uniform definition of a zero-day vulnerability. Mandiant's analysis, however, included only vulnerabilities that were exploited in the wild before a patch was released.

Mandiant reported that 55 zero-days were discovered in 2022, a drop from the 81 found in 2021, but still more than in any other year on record apart from 2021. Of these, 13 were attributed to cyberespionage groups, including seven believed to have been used by Chinese state-sponsored hackers. Two were linked to North Korea and two to Russia.

Four of the zero-days were likely exploited by financially motivated threat actors. 18 impacted Microsoft products, 10 impacted Google products, and 9 were found in Apple products. 19 flaws impacted desktop operating systems, followed by browsers (11), security, IT and network management products (10), and mobile operating systems (6).

Mandiant found that almost all of the 2022 zero-day vulnerabilities (53) were exploited either to achieve (primarily remote) code execution or to gain elevated privileges, both of which are consistent with most threat actor objectives.

In summary, Mandiant’s analysis of zero-day vulnerabilities disclosed in 2022 showed that over a dozen were used in attacks believed to have been carried out by cyberespionage groups. Thirteen were attributed to such groups, including seven to China, two to North Korea and two to Russia, while four were likely exploited by financially motivated threat actors. 18 impacted Microsoft products, 10 impacted Google products, and 9 were found in Apple products.

Key Points:

  • Mandiant’s analysis of zero-day vulnerabilities discovered in 2022 found that over a dozen of them were exploited by cyberespionage groups.
  • 13 zero-days were attributed to cyberespionage groups, including seven to China, two to North Korea and two to Russia; four were likely exploited by financially motivated threat actors.
  • 18 impacted Microsoft products, 10 impacted Google products, and 9 were found in Apple products.
  • Almost all of the 2022 zero-day vulnerabilities (53) were exploited either to achieve (primarily remote) code execution or to gain elevated privileges.
