Discovered zero-day vulnerabilities are often exploited by individual APT groups. According to Mandiant, Chinese cyberattackers are targeting more and more zero-day vulnerabilities. The report documents the role of the groups and the vulnerabilities they exploited.
Mandiant's new report on the Fortinet vulnerability shows that routers and Internet-facing devices in company networks are insufficiently protected against cyber attacks. There are simply not enough tools to protect these systems.
Chinese spies at work
For example, suspected Chinese spies exploited a zero-day vulnerability with a new type of malware designed specifically for network security devices. Devices used by government and defense organizations can also be infiltrated with it. Fortinet has now released a patch for the vulnerability.
“Among the latest victims of Chinese espionage are the defense industry, government agencies, telecommunications and technology companies. Since the actors in the networks are difficult to track down, very few companies can identify them themselves. It is not uncommon for a Chinese infiltration to drag on for several years. We hope that with this information and the hardening measures that accompany it, more companies will be able to detect these protracted security breaches sooner,” said Charles Carmakal, SVP & CTO at Mandiant Consulting.
Zero-day vulnerabilities report
In total, 13 zero-day vulnerabilities were exploited by cyber-espionage groups in 2022, according to Mandiant's new Zero-Days 2022 report. More than half of these are attributed to China. State actors from Russia and North Korea were also active. The total number of zero-days exploited dropped from 81 in 2021 to 55 in 2022. However, the previous year was a record year; compared to 2020, exploitation has increased by 200 percent. Mandiant anticipates more zero-day vulnerabilities to be exploited over time.
Insights into the exploited vulnerabilities
- Four zero-day vulnerabilities were exploited by financially motivated attacker groups.
- Ten zero-day vulnerabilities, or almost 20 percent of all zero-day vulnerabilities identified by Mandiant in 2022, affected security, IT and network management products.
About Mandiant
Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.