Spyware and zero-day exploits increasingly go hand-in-hand, researchers find | CyberScoop<\/title> <meta name=\"description\" content=\"Researchers found 97 zero-days exploited in the wild in 2023; nearly two thirds of mobile and browser flaws were used by spyware firms.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/spyware-zero-days-2023\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Spyware and zero-day exploits increasingly go hand-in-hand, researchers find\"> <meta property=\"og:description\" content=\"Researchers found 97 zero-days exploited in the wild in 2023; nearly two thirds of mobile and browser flaws were used by spyware firms.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/spyware-zero-days-2023\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-03-27T13:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-03-27T12:56:55+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"eliasgroll\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1710875768g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1710299038g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1711491965g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79913\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79913\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fspyware-zero-days-2023%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fspyware-zero-days-2023%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79913 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/spyware-zero-days-2023\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.459897610922\">\n<div class=\"single-article__header-content\" readability=\"30.023529411765\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Researchers found 97 zero-days exploited in the wild in 2023; nearly two thirds of mobile and browser flaws were used by spyware firms. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A cosplayer dressed as the Star Wars character Darth Vader holds a mobile phone displaying a government alert issued to all smartphones to test a system used to warn of life-threatening emergencies at the Scarborough Sci-Fi Convention in Scarborough north-east England on April 23, 2023. (Photo by OLI SCARFF\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"29.858823529412\"><body readability=\"60.123287671233\"><\/p>\n<p>Researchers tracking the exploitation of previously undisclosed vulnerabilities found that commercial spyware firms are increasingly responsible for leveraging such zero-day flaws against mobile phones and other consumer-oriented devices, according to a report published Wednesday.<\/p>\n<p>The <a href=\"https:\/\/storage.googleapis.com\/gweb-uniblog-publish-prod\/documents\/Year_in_Review_of_ZeroDays.pdf\">joint report<\/a> from Google\u2019s Threat Analysis Group and Google-owned Mandiant determined that in 2023, spyware produced by commercial surveillance vendors (CSVs) were responsible for 64% of known exploited mobile and browser zero-day vulnerabilities.<\/p>\n<p>\u201cWe have all seen the harms that are being caused towards society from these CSVs, and we are still seeing them playing some of the biggest roles in in-the-wild zero-days that are discovered against end-user devices,\u201d said Maddie Stone, security engineer at Google TAG. \u201cOverall we\u2019re definitely seeing it on an upward trajectory on the end-user space for CSVs.\u201d<\/p>\n<p>Wednesday\u2019s report comes against the backdrop of <a href=\"https:\/\/cyberscoop.com\/white-house-spyware-executive-order\/\">a Biden administration push<\/a> to crack down on spyware abuses, following ever-expanding revelations about buyers using the tech to eavesdrop on U.S. government personnel overseas, journalists and activists.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The White House has <a href=\"https:\/\/cyberscoop.com\/white-house-spyware-executive-order\/\">banned U.S. government agencies from using spyware<\/a> from using spyware that poses a threat to U.S. national security, has <a href=\"https:\/\/www.cnn.com\/2024\/03\/17\/politics\/us-spyware-fight\/index.html\">convinced a number of U.S. allies<\/a> to pledge to use spyware responsibly and is looking to <a href=\"https:\/\/www.nextgov.com\/policy\/2024\/03\/us-targets-6-8-month-timeframe-new-nations-join-spyware-pact\/395226\/\">sign up additional countries<\/a> to the pact. <\/p>\n<p>Wednesday\u2019s zero-day report tallied 97 total zero-day vulnerabilities exploited \u201cin the wild,\u201d meaning those being used in the real world rather than discovered as part of theoretical research. Of those, 37 were mobile and browser vulnerabilities, and spyware firms were responsible for 24 of those, according to the analysis. Three-quarters of the known zero-day spyware exploits targeted Google products and Android devices and 55% targeted iOS and Safari.<\/p>\n<p>\u201cPrivate sector firms have been involved in discovering and selling exploits for many years, but we have observed a notable increase in exploitation driven by these actors over the past several years,\u201d the report states. \u201cCSVs operate with deep technical expertise to offer \u2018pay-to-play\u2019 tools that bundle an exploit chain designed to get past the defenses of a selected device, the spyware, and the necessary infrastructure, all to collect the desired data from an individual\u2019s device.\u201d<\/p>\n<p>Spyware\u2019s easy ability to hand all-in-one powerful surveillance tools to those who purchase it might account for the spike in numbers, but it also might point to the cybersecurity world getting better at catching wind, Stone said, noting that the report tallies the exploits the researchers have seen rather than necessarily accounting for all exploits used.<\/p>\n<p>The 97 exploited zero-day vulnerabilities is a rise from 2022\u2019s tally but short of the record of 106 in 2021. The report highlighted improvements by tech companies to fend off zero-days. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Other findings of the report include increased targeting of third-party components and enterprise products; China continuing to be the most prolific state user of zero-day exploits; and the first known instance of reportedly Belarusian-linked espionage groups making use of zero-day vulnerabilities.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.056338028169\">\n<div class=\"author-card\" readability=\"12\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/spyware-zero-days-2023\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Spyware and zero-day exploits increasingly go hand-in-hand, researchers find |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,387,646,268,482,310,643],"tags":[86,391,650,274,484,311,645],"class_list":["post-2798","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-google","category-mandiant","category-privacy","category-spyware","category-technology","category-vulnerabilities","tag-cybersecurity","tag-google","tag-mandiant","tag-privacy","tag-spyware","tag-technology","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/privacy\/\" rel=\"category tag\">Privacy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spyware\/\" rel=\"category tag\">spyware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2798"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2798\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2798,"date":"2024-03-27T08:00:00","date_gmt":"2024-03-27T13:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79913"},"modified":"2024-03-27T08:00:00","modified_gmt":"2024-03-27T13:00:00","slug":"spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/27\/spyware-and-zero-day-exploits-increasingly-go-hand-in-hand-researchers-find\/","title":{"rendered":"Spyware and zero-day exploits increasingly go hand-in-hand, researchers find"},"content":{"rendered":"