Threat actors actively exploited 97 zero-day vulnerabilities last year, which is more than 50% higher than in 2022 but lower than in 2021, reports BleepingComputer.
Most of the abused zero-days impacted operating systems, mobile devices, and other end-user platforms, according to a joint Google Threat Analysis Group and Mandiant report. While most state-sponsored attacks leveraging the security bugs were attributed to China, nearly half of all identified zero-days were exploited by commercial spyware vendors.
Among the notable spyware actors involved in zero-day exploits were the Intellexa Consortium behind the Predator spyware, the NSO Group behind the Pegasus spyware, and Variston associated with the Heliconia framework.
"Private sector firms have been involved in discovering and selling exploits for many years, but we have observed a notable increase in exploitation driven by these actors over the past several years," said researchers.
Such a report comes weeks after sanctions have been imposed by the Treasury Department's Office of Foreign Assets Control against Intellexa founder Tal Jonathan Dilian.