Government hackers are leading the use of attributed zero-days, Google says

TechCrunch - Apr 29th, 2025

Hackers affiliated with governments were responsible for the majority of attributed zero-day exploits in 2024, according to a new report from Google. The report noted a decrease in the total number of zero-day exploits, from 98 in 2023 to 75 in 2024. Of these, at least 23 were linked to government-backed hackers, with ten attributed directly to China and North Korea. Additionally, eight exploits were developed by spyware companies like NSO Group and Cellebrite, which typically serve government clients. The remaining 11 zero-days were likely used by cybercriminals targeting enterprise devices. The report highlights the impact of these exploits on consumer platforms and corporate networks.

Google's findings underscore the ongoing challenges in cybersecurity, as government demand fuels the surveillance vendor industry. Despite some companies being pushed out of business, new vendors continue to emerge, driven by state-sponsored demand. Encouragingly, software makers are improving defenses, with notable decreases in zero-day exploitation of popular targets like browsers and mobile systems. Innovative security features, such as Apple's Lockdown Mode and Google's Memory Tagging Extension, are helping to thwart government hackers. Reports like Google's are crucial for understanding the evolving landscape of cyber threats, though the nature of zero-days means some exploits remain undetected or unattributed.

Story submitted by Fairstory

RATING

7.8
Fair Story
Consider it well-founded

The article provides a comprehensive overview of Google's findings on zero-day exploits, accurately presenting key statistics and insights into government-backed hacking activities. It is well-sourced, primarily relying on Google's Threat Intelligence Group, which lends credibility to its claims. However, the article could benefit from additional perspectives, particularly from the entities implicated, to enhance balance and depth. While the piece is clear and timely, addressing a topic of significant public interest, it could improve its engagement potential through interactive elements or expert commentary. Overall, the article effectively informs readers about a critical cybersecurity issue, though it could be strengthened by addressing some of the noted gaps in transparency and balance.

RATING DETAILS

8
Accuracy

The story accurately presents the main findings of Google's report, such as the decrease in zero-day exploits from 98 in 2023 to 75 in 2024. It correctly attributes 23 of these exploits to government-backed hackers, including specific mentions of China and North Korea. However, there are discrepancies in the report's claims about whether consumer or enterprise platforms were more targeted, as other sources emphasize enterprise targeting more heavily. Additionally, the attribution of exploits to Serbian authorities using Cellebrite devices lacks external verification.

7
Balance

The article provides a balanced view by discussing both the role of government-backed hackers and the involvement of spyware vendors. It highlights the actions of specific countries like China and North Korea while also mentioning the general proliferation of surveillance vendors. However, it could improve by including perspectives from the accused governments or companies like Cellebrite and NSO Group to provide a more rounded view.

8
Clarity

The article is generally clear and well-structured, with a logical flow of information. It effectively explains technical terms like 'zero-day exploits' in a way that is accessible to a general audience. However, some sections, like the discussion on the targeting of consumer versus enterprise platforms, could be clearer to avoid confusion.

9
Source quality

The primary source of the article is Google's Threat Intelligence Group, a credible and authoritative entity in cybersecurity. The article also references statements from security experts at Google, adding to its reliability. However, it relies heavily on a single source, which could be balanced with input from other cybersecurity experts or organizations to enhance credibility.

7
Transparency

The article is transparent about its primary source, Google's report, and includes quotes from Google's security experts. However, it lacks detailed methodology on how Google attributed the zero-day exploits to specific actors, which is crucial for understanding the basis of the claims. Additionally, the article could benefit from disclosing any potential conflicts of interest, such as Google's role in the cybersecurity industry.

Sources

  1. https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends
  2. https://www.cybersecuritydive.com/news/zero-day-exploits-google-report-vulnerabilities-enterprise/746556/
  3. https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html
  4. https://techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
  5. https://cyberscoop.com/android-security-update-april-2025/