So-called zero-day exploits—hacking techniques that take advantage of secret software flaws—were once the calling card of only the most sophisticated hackers. But today, the global map of zero-day hacking has expanded far beyond the United States, Russia, and China, as more countries than ever buy themselves a spot on it.
Security and intelligence firm FireEye today released a sweeping analysis of how zero days have been exploited worldwide over the last seven years, drawing in data from other security research organizations' reporting as well as Google Project Zero's database of active zero days. FireEye was able to link the use of 55 of those secret hacking techniques to state-sponsored operations, going so far as to name which country's government it believes to be responsible in each case.
The resulting map and timeline, with a tally of which countries have used the most zero days over the last decade, are far from comprehensive. Countries like the US almost certainly have used zero days that remain undetected, FireEye acknowledges, and many others couldn't be pinned with certainty on any particular country. But it does show how the collection of countries using those hacking techniques now includes less expected players like the United Arab Emirates and Uzbekistan.
That proliferation, FireEye argues, is due at least in part to a rising industry of hackers-for-hire that develop zero-day tools and sell them to intelligence agencies around the world. Any nation with money can buy, rather than build, relatively sophisticated hacking abilities. "Since about 2017 the field has really diversified. We think that this is at least partially due to t ..
Support the originator by clicking the read the rest link below.
