According to a new Microsoft study, nation-state groups are becoming a more dangerous threat as they increasingly target critical infrastructures and rapidly exploit zero-day vulnerabilities. Moreover, these nation-state and criminal actors are increasingly exploiting publicly disclosed zero-day vulnerabilities to violate target environments.
It also said that it has “observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability,” which makes it imperative that organizations patch such exploits on time.
In addition, Microsoft discovered that these actors “have begun to use innovation in automation, cloud infrastructure, and remote access technologies to attack a broader set of targets.” More advanced spoofing methodologies, a shift to targeting the IT services supply chain, and improved tactics to exploit zero-day vulnerabilities before they are publicly disclosed and patched, are part of this strategy.
It points out that, on average, it takes only 14 days for a malicious code to be available to the public after a bug becomes public, and that zero-day attacks, while initially strictly limited, are quickly adopted by other threat actors, leading to uncontrolled probing events before patches are installed.
And some of the vulnerabilities that were first exploited by Chinese actors before being picked up by other hostile groups include: CVE-2021-35211, CVE-2021-40539, CVE-2021-44077, CVE-2021-42321, and CVE-2022-26134.
The sources for this piece include an article in TheHackerNews.