From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022


In 2022, attackers exploited 55 zero-day vulnerabilities in the wild, most of them in products made by Microsoft, Google, and Apple.

That is down from the record 81 zero-days exploited in 2021, but it remains well above the totals of earlier years and confirms that the exploitation of previously unknown flaws has climbed sharply in recent years.

According to Mandiant, the threat intelligence firm that compiled the tally, the most frequently exploited product categories were desktop operating systems (19 zero-days), web browsers (11), IT and network management software (10), and mobile operating systems (6).

Of the 55 zero-days, 13 are assessed to have been used by cyber espionage groups, four by financially motivated actors, largely in ransomware operations, and three by commercial spyware vendors.

Chinese state-sponsored groups were the most prolific exploiters during the year, using seven zero-days: CVE-2022-24682, CVE-2022-1040, CVE-2022-30190, CVE-2022-26134, CVE-2022-42475, CVE-2022-27518 and CVE-2022-41328.

Much of that activity focused on edge network devices, firewalls in particular, which sit directly on the internet and typically run no endpoint security agent. China-based groups were also observed exploiting CVE-2022-30190, the Microsoft Support Diagnostic Tool (MSDT) flaw known as Follina, in several campaigns.

Mandiant assesses that the distribution of a single zero-day to several suspected Chinese espionage groups through a "digital quartermaster" points to shared development and logistics infrastructure, and possibly a central coordinating entity. The appearance of the same exploit in multiple distinct campaigns supports that assessment.

North Korean and Russian actors were each linked to two zero-days: CVE-2022-0609 and CVE-2022-41128 for North Korea, and CVE-2022-30190 and CVE-2023-23397 for Russia. The last of these, the Outlook elevation-of-privilege flaw, carries a 2023 identifier because it was disclosed and patched in March 2023, but its exploitation dates back to 2022, which is why it appears in a 2022 tally.

The findings come as threat actors keep shortening the time between a vulnerability's disclosure and its use in working attacks against targets around the world.

Internet of Things (IoT) devices and cloud services have expanded the attack surface even further, multiplying the range of software that can be targeted. Discovering a zero-day is hard and weaponizing one is never guaranteed, yet the number of vulnerabilities that are both discovered and exploited keeps rising. Despite this, many organizations still do not prioritize patching, so they remain exposed to attacks on vulnerabilities that are already public and already fixed by the vendor. Mandiant also observes that the relevant tooling is improving steadily and that the number of individuals and organizations using it continues to grow.

The Mandiant report arrived alongside a warning from Microsoft's Digital Threat Analysis Center about Russia's continued use of combined physical and cyber attacks in its war against Ukraine, now in its second year.

Since January 2023, Microsoft has seen Russian threat actors adapt their techniques to improve both their destructive capability and their intelligence collection against civilian and military targets in Ukraine and allied countries.

The report warned that the group Microsoft tracks as Iridium, better known as Sandworm, may be preparing another destructive attack against organizations in Ukraine or elsewhere.

Since the beginning of the conflict, Moscow-backed actors have deployed at least two ransomware families and nine wiper families against more than 100 Ukrainian organizations. Russian espionage campaigns targeted 17 European countries between January and mid-February 2023 alone, and 74 countries in total since the beginning of the conflict.

Microsoft describes several distinctive traits of Russian threat actors: the use of ransomware as a sabotage tool, a wide variety of initial access methods, and the use of real or fabricated hacktivist personas to amplify the effect of Moscow's operations.
