
Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant

Mandiant has conducted an analysis of the zero-day vulnerabilities disclosed in 2022 and over a dozen were linked to cyberespionage groups.

Google-owned Mandiant has conducted an analysis of the zero-day vulnerabilities disclosed in 2022 and found that over a dozen of them were used in attacks believed to have been carried out by cyberespionage groups.

The cybersecurity community has not reached agreement on the definition of a zero-day vulnerability. Some classify as a zero-day any vulnerability whose details are made public before a patch is released, while others reserve the zero-day classification for flaws that were actually exploited in attacks before a fix was made available.

Mandiant noted that only vulnerabilities exploited in the wild before a patch was released were included in its zero-day analysis.

According to Mandiant, 55 zero-day vulnerabilities came to light last year. While this is a significant drop from the 81 discovered in 2021, it’s still more than in any other previous year.

Many of the zero-days found last year were not publicly attributed to a known threat actor. Of the ones that were attributed, 13 were linked to cyberespionage groups, including seven believed to have been exploited by Chinese state-sponsored groups.

Chinese hackers targeted vulnerabilities such as CVE-2022-30190 (the Windows flaw known as Follina), and CVE-2022-42475 and CVE-2022-41328 (Fortinet product vulnerabilities).

Two of the zero-days attributed to state-sponsored threat actors were linked to North Korea and two were tied to Russia. Three vulnerabilities were exploited by commercial spyware vendors such as Candiru and Variston. One flaw was seen being exploited by China, Russia and spyware vendors alike.

Four of the zero-days spotted in 2022 were likely exploited by financially motivated threat actors, including CVE-2022-29499 (by Lorenz ransomware), and CVE-2022-41091 and CVE-2022-44698 (by Magniber ransomware).


Of the 55 zero-days that emerged in 2022, 18 impacted Microsoft products, 10 impacted Google products, and 9 were found in Apple products. Other affected vendors included Fortinet, Mozilla, Sophos, Trend Micro, Zimbra, Adobe, Atlassian, Cisco, Mitel, SolarWinds, Zoho, QNAP, and Citrix.

As for product types, 19 flaws impacted desktop operating systems, followed by browsers (11), security, IT and network management products (10), and mobile operating systems (6).

“Almost all 2022 zero-day vulnerabilities (53) were exploited for the purpose of achieving either (primarily remote) code execution or gaining elevated privileges, both of which are consistent with most threat actor objectives,” Mandiant noted.

Additional details, including information on why temporary workarounds can cause defender fatigue, are available in Mandiant’s full report.

Related: Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List

Related: 557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
