December 9, 2023

Mandiant has released a report stating, threat actors with ties to nation-states were the driving force behind exploiting zero-day vulnerabilities last year

Over 50% of the exploits in 2022 are linked to Chinese cyberespionage groups. Mandiant has confidently track to 13 APTs, followed by Russia and North Korea. Overall, groups with links to nation-states accounted for 80% of the zero-day exploits.

  • China led the pack with seven known vulnerabilities exploited
  • Russia and North Korea tied with two known vulnerabilities exploited each.

Four zero-days were tied to financially motivated actors, with 75% likely performed by ransomware groups.


A little place to breathe is that the total number of 55 zero-day vulnerabilities exploited last year is down 26 from the record 81  tracked in 2021, but that figure is still triple the 2020 total.

Researchers highlighted three Chinese-linked APT campaigns exploiting the Follina vulnerability (CVE-2022-30190), as well as FortiOS vulnerabilities (CVE-2022-42475 and CVE-2022-41328) for their focus on enterprise networking and security devices.

Because of their ubiquity, zero-days in Microsoft, Google and Apple products were used the most to gain elevated privileges or perform remote code executions. Microsoft vulnerabilities led the pack with 18, followed by Google vulnerabilities-10 and Apple vulnerabilities -9.

  • Operating systems -19
  • Browsers -11
  • IT and network management products -10
  • mobile OS -6

Devices running Windows were by far the most exploited OS with 15 vulnerabilities, followed by Apple’s macOS with four. Google’s Chrome browser was the most exploited with nine of the 11 browser vulnerabilities.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.