banner1
banner2

HOME
WHITE PAPER

Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis

by VARINDIA 2025-05-02
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis

Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances. 

Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection.

We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts.

For a deeper look at the trends discussed in this report, along with recommendations for defenders, register for our upcoming zero-day webinar.

Scope 

This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data.

GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation.

A 2024 Zero-Day Exploitation Analysis

Google Threat Intelligence Group tracked 75 zero-day vulnerabilities exploited in the wild in 2024, noting a shift towards targeting enterprise technologies, particularly security and networking products, alongside traditional end-user platforms. While vendor improvements are impacting some exploit trends, espionage actors continue to heavily utilize zero-day exploits.

The report is available for download, and has been included in full in this blog post.

Download now

Key Takeaways

● Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged over the past four years. While individual year counts have fluctuated, the average trendline indicates that the rate of zero-day exploitation continues to grow at a slow but steady pace.

● Enterprise-focused technology targeting continues to expand. GTIG continued to observe an increase in adversary exploitation of enterprise-specific technologies throughout 2024. In 2023, 37% of zero-day vulnerabilities targeted enterprise products. This jumped to 44% in 2024, primarily fuelled by the increased exploitation of security and networking software and appliances.

● Attackers are increasing their focus on security and networking products. Zero-day vulnerabilities in security software and appliances were a high-value target in 2024. We identified 20 security and networking vulnerabilities, which was over 60% of all zero-day exploitation of enterprise technologies. Exploitation of these products, compared to end-user technologies, can more effectively and efficiently lead to extensive system and network compromises, and we anticipate adversaries will continue to increase their focus on these technologies.

● Vendors are changing the game. Vendor investments in exploit mitigations are having a clear impact on where threat actors are able to find success. We are seeing notable decreases in zero-day exploitation of some historically popular targets such as browsers and mobile operating systems.

● Actors conducting cyber espionage still lead attributed zero-day exploitation. Between government-backed groups and customers of commercial surveillance vendors (CSVs), actors conducting cyber espionage operations accounted for over 50% of the vulnerabilities we could attribute in 2024. People's Republic of China (PRC)-backed groups exploited five zero-days, and customers of CSVs exploited eight, continuing their collective leading role in zero-day exploitation. For the first year ever, we also attributed the exploitation of the same volume of 2024 zero-days (five) to North Korean actors mixing espionage and financially motivated operations as we did to PRC-backed groups.

Looking at the Numbers 

GTIG tracked 75 exploited-in-the-wild zero-day vulnerabilities that were disclosed in 2024. This number appears to be consistent with a consolidating upward trend that we have observed over the last four years. After an initial spike in 2021, yearly counts have fluctuated but not returned to the lower numbers we saw in 2021 and prior.

While there are multiple factors involved in discovery of zero-day exploitation, we note that continued improvement and ubiquity of detection capabilities along with more frequent public disclosures have both resulted in larger numbers of detected zero-day exploitation compared to what was observed prior to 2021.

 

er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Apple Warns iPhone Users in 100 Countries of State-Sponsored Spyware Attacks

Apple Warns iPhone Users in 100 Countries of State-Sponsored Spyware Attacks

SOC Teams Pivot Away from Traditional Network Detection and Response

SOC Teams Pivot Away from Traditional Network Detection and Response

Trend Micro announces AI-powered threat detection for enterprise security

Trend Micro announces AI-powered threat detection for enterprise security

SOFTWARE
View All
Capgemini announces perpetual ‘Know-Your-Customer’ sandbox for financial institutions

Capgemini announces perpetual ‘Know-Your-Customer’ sandbox for financial institutions

Coforge sells AdvantageGo unit to Sapiens in strategic move

Coforge sells AdvantageGo unit to Sapiens in strategic move

Bosch MPS launches Supply Chain Studio for enhanced logistics efficiency

Bosch MPS launches Supply Chain Studio for enhanced logistics efficiency

START - UP
View All
Data Safeguard Secures Seed Funding from Auxano Capital

Data Safeguard Secures Seed Funding from Auxano Capital

Perkant Tech raises INR 6.6 crore Seed Round Led by YourNest Venture Capital & Govt. Initiatives

Perkant Tech raises INR 6.6 crore Seed Round Led by YourNest Venture Capital & Govt. Initiatives

Second Edition of Startup Mahakumbh

Second Edition of Startup Mahakumbh

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
Startups To Struggle to Compete with Google, xAI, and OpenAI in the AI Arms Race

Startups To Struggle to Compete with Google, xAI, and OpenAI in the AI Arms Race

SAP SuccessFactors to drive HR transformation for Jaquar Group

SAP SuccessFactors to drive HR transformation for Jaquar Group

Ascendion to drive experience transformation with acquisition of UXReactor

Ascendion to drive experience transformation with acquisition of UXReactor

Wipro Launches GitHub Center of Excellence to Accelerate AI Innovation

Wipro Launches GitHub Center of Excellence to Accelerate AI Innovation

Investing.com Launches WarrenAI - A Cutting-Edge AI-Driven ‘Financial Researcher’

Investing.com Launches WarrenAI - A Cutting-Edge AI-Driven ‘Financial Researcher’

BAS Explained: Uncovering Hidden Security Gaps in Your Defenses

BAS Explained: Uncovering Hidden Security Gaps in Your Defenses

CDR: A Necessity for Securing Today's Digital Estate

CDR: A Necessity for Securing Today's Digital Estate

ChatGPT, Grok 3 Ghibli Art: Your Photos at Risk?

ChatGPT, Grok 3 Ghibli Art: Your Photos at Risk?

Safety of using AI remains a question mark

Safety of using AI remains a question mark

Adobe and the Rise of Alternative Creative Platforms

Adobe and the Rise of Alternative Creative Platforms

dsf