This is somewhat surprising given that the Israeli military intelligence unit, Unit 8200, is reputed to be the best of its kind when it comes to offensive cyber tactics. This unit is said to have crafted Stuxnet in collaboration with the American NSA; the malware was used to attack Iran's uranium enrichment facility at Natanz.
In a blog post, FireEye said it had documented more zero-days being exploited in 2019 than in any of the previous three years, with a big increase in the use of these exploits by groups that were customers of companies that build exploit weapons for sale.
"Additionally, we observed an increase in zero-days leveraged against targets in the Middle East, and/or by groups with suspected ties to this region," researchers Kathleen Metrick, Parnian Najafi and Jared Semrau wrote.
The appearance of the UAE in this research, despite the country's small size and population, should come as no surprise: for years, there have been reports that its government has hired American hackers to work on its behalf.
The FireEye researchers gave a number of examples of zero-day exploits being used against Middle Eastern targets.
One case was that of a group tracked under the names Stealth Falcon and FruityArmor, which had reportedly targeted journalists and activists. In 2016, this group used malware sold by the Israel-based NSO Group that leveraged three iOS zero-days.
Another group, dubbed SandCat, was suspected of being linked to Uzbekistan's state intelligence service and had been observed using zero-days in its operations. The source of these vulnerabilities was once again suspected to be the NSO Group.
A third group that was cited was BlackOasis, which was claimed to have acquired at least one zero-day from private company Gamma Group.
Additionally, the FireEye trio listed a zero-day in WhatsApp which was said to have been used to distribute spyware developed by the NSO Group.
While Metrick, Najafi and Semrau listed Chinese, North Korean and Russian groups as examples of major cyber powers exploiting zero-days, there was no mention of any American involvement, though the US was said to have used nine zero-days, as mentioned above.
This may be because the main agency in the US developing and using offensive cyber tools, the NSA, outsources a lot of its work and security firms are reluctant to talk about such exploits for fear of losing lucrative contracts.
The FireEye researchers said it appeared that access to zero-day capabilities was being more and more commodified and said there could be two main reasons for this.
"Private companies are likely creating and supplying a larger proportion of zero-days than they have in the past, resulting in a concentration of zero-day capabilities among highly resourced groups," they wrote.
"Private companies may be increasingly providing offensive capabilities to groups with lower overall capability and/or groups with less concern for operational security, which makes it more likely that usage of zero-days will be observed."
Graphic: courtesy FireEye