In a recent report released by Google, the tech giant has shed light on the global cyber threat landscape throughout 2024. Contrary to the popular image of lone hackers in dark basements, Google’s findings reveal that a significant portion of cyberattacks this year were state-sponsored—many even directly funded by national governments. The report specifically highlights the increasing use of zero-day vulnerabilities, which are software flaws unknown to developers and unpatched at the time of exploitation.
According to Google’s data, 75 zero-day exploits were identified in 2024—a 23% drop from the 98 cases reported in 2023. However, while the overall number has declined, the nature of the attacks has grown more sophisticated and concerning. The majority of these attacks, Google notes, were carried out by hackers working under the direct support or control of state entities.
Of the 75 recorded zero-day exploits, 23 were attributed to government-linked operations. Among these, 10 were definitively conducted by government-backed hackers. Leading this group is North Korea, responsible for five of the attacks, followed closely by China, also with five confirmed cases. Other state actors include Russia and South Korea, each responsible for one identified exploit.
Source: thehackernews.com
Google’s findings suggest a troubling trend: cyber warfare is no longer the exclusive domain of underground criminal networks but is increasingly becoming a tool wielded by governments. These attacks not only target rival states but often focus on corporate networks, infrastructure, and even individual users.
In addition to state-sponsored hackers, Google's report also identifies eight zero-day attacks linked to Commercial Surveillance Vendors (CSVs). These vendors operate as cyber-mercenaries, developing surveillance tools and exploits for sale or lease to governments. While their work is often shrouded in secrecy, their involvement further underscores the growing role of the private sector in geopolitical cyber operations.
The report also notes 11 attacks that likely originated from cybercriminal groups, including ransomware operators. These actors primarily targeted enterprise devices such as VPNs and routers but did not shy away from attacking consumer platforms. In fact, a large number of the 75 exploits in 2024 were aimed at personal devices—particularly smartphones and web browsers.
Google emphasizes that the report only includes threats it was able to detect and verify. Thus, the actual number of state-backed attacks could be significantly higher. Nonetheless, the research paints a stark picture of the evolving cyber battlefield, where governments are no longer bystanders but active participants.
As cyber threats become more state-aligned and technologically advanced, Google’s report serves as a reminder of the urgent need for stronger cybersecurity frameworks and international cooperation to deter and address politically motivated digital warfare.