55 Zero-Day Vulnerabilities Exploited in 2022: Mandiant Report

March 21, 2023

Google-owned cybersecurity firm Mandiant has published an analysis of the zero-day vulnerabilities disclosed in 2022, counting 55 that were exploited in attacks. Mandiant included only vulnerabilities that were exploited in the wild before a patch was publicly available. The figure is a significant drop from the 81 zero-days the company tracked in 2021, but it is still higher than in any earlier year.

Thirteen of the 2022 zero-days were attributed to cyberespionage groups, including seven believed to have been exploited by Chinese state-sponsored actors. Those actors targeted vulnerabilities such as CVE-2022-30190 (the Windows flaw known as Follina) and the Fortinet product vulnerabilities CVE-2022-42475 and CVE-2022-41328. Two zero-days were attributed to state-sponsored threat actors linked to North Korea and two to Russia. Three were exploited by commercial spyware vendors such as Candiru and Variston. One flaw was seen being exploited by China-linked and Russia-linked actors as well as by spyware vendors.

Four of the 2022 zero-days were likely exploited by financially motivated threat actors, including CVE-2022-29499 (exploited by the Lorenz ransomware operation) and CVE-2022-41091 and CVE-2022-44698 (exploited by the Magniber ransomware operation). Of the 55 zero-days, 18 affected Microsoft products, 10 affected Google products, and 9 were found in Apple products. Other affected vendors included Fortinet, Mozilla, Sophos, Trend Micro, Zimbra, Adobe, Atlassian, Cisco, Mitel, SolarWinds, Zoho, QNAP, and Citrix. By product type, 19 flaws affected desktop operating systems, followed by browsers (11), security, IT and network management products (10), and mobile operating systems (6).

Mandiant noted, “Almost all 2022 zero-day vulnerabilities (53) were exploited for the purpose of achieving either (primarily remote) code execution or gaining elevated privileges, both of which are consistent with most threat actor objectives.” The full report from Mandiant also provides additional details, including information on why temporary workarounds can cause defender fatigue.
