It would be an underestimation to say that zero-day hacking techniques are still exclusive to powerful actors possessing next-generation hacking capabilities. They have become an important tool used by state and non-state actors to pursue their various interests. A recent study by FireEye bears this out with data.
The global map of zero-day hacking clearly indicates that the practice has expanded well beyond leaders such as the United States, Russia, and China. Today, more countries than ever are buying themselves a piece of it.
FireEye analyzed how zero-days have been used worldwide over the past seven years. Its data is primarily derived from research organizations and Google Project Zero findings. In its analysis, FireEye linked 55 of those secret hacking techniques to state-led operations.
The data collected and presented by the security firm shows which countries are using those hacking techniques. The surprise is that lower-profile players such as the United Arab Emirates and Uzbekistan have also acquired expertise in the technique. This is certainly the effect of a changing and evolving cyber industry infrastructure and of wealthy players. Today these services are readily accessible to any country that is ready to pay the price, ending the technique's long-term exclusivity. As Kelli Vanderlee, the manager of FireEye’s Intelligence Analysis group, aptly put it: “The biggest barrier between an attacker and a zero-day is not skill, but cash.”
Intriguingly, FireEye pointed to NSO Group, Gamma Group, and Hacking Team as the sort of contractors that have helped the new cadre of countries buy their way into the zero-day hacking field.
For instance, NSO Group has aided the UAE by providing espionage-focused hacking capabilities like Stealth Falcon and FruityArmor. The same capabilities were also used by a group called SandCat, associated with Uzbekistan’s intelligence agency, known as the SSS.
FireEye suggests that both Russia and China have opted for phishing and commodity hacking operations to steal information from the target’s network. This is easily achievable if the actor possesses a team of sophisticated hackers who can reverse engineer the target application and quickly develop and execute an attack strategy before a patch for the vulnerability is identified and the fix reaches the masses.
“Within hours of disclosure of a vulnerability, they’re able to create an exploit and use it,” Vanderlee says. “Waiting for vulnerabilities to be disclosed like this might be a more-bang-for-your-buck strategy for these actors, because they don’t have to put in the resources to find a zero-day by sifting through software code.”
Due to a lack of evidence, FireEye was not able to pin down the usage of the technique by many other countries. But the line of events otherwise clearly reflects the successful usage of the technique by new actors such as Saudi Arabia, which reportedly used a zero-day in WhatsApp to hack the personal phone of Amazon CEO Jeff Bezos. NSA group also leaked information on Shadow Brokers group. South Korea’s hacking groups were recently tied to five zero-days used to target .
The study nonetheless makes clear that zero-day hacking is no longer an exclusive capability but a technique widely used by various countries, in association with sophisticated cyber agencies, to meet their national interests.