Wednesday, 08 April 2020 08:48

Israel used one zero-day in cyber attacks since 2012: claim


Israel has used just one zero-day vulnerability in attacks it has crafted during the period 2012-19, if research by the security firm FireEye's Mandiant Threat Intelligence group is to be believed.

This is somewhat surprising given that the Israeli military intelligence group Unit 8200 is reputed to be the best of its kind when it comes to offensive cyber tactics. The group is said to have crafted Stuxnet in collaboration with the American NSA; that malware was used to attack the centrifuges at Iran's uranium enrichment facility at Natanz.

In a blog post, FireEye said it had documented more zero-days being exploited in 2019 than in any of the previous three years, with a big increase in the use of these exploits by groups that were customers of companies that build exploit weapons for sale.

"Additionally, we observed an increase in zero-days leveraged against targets in the Middle East, and/or by groups with suspected ties to this region," researchers Kathleen Metrick, Parnian Najafi and Jared Semrau wrote.

Of the countries listed, China was claimed to have used 20 zero-days, while Russia used 14 and the US and the United Arab Emirates nine each.

The appearance of the UAE in this research should come as no surprise, despite its small size and relatively small population. For years, there have been reports that the government has hired American hackers to work on its behalf.


The FireEye researchers said there were a number of examples of threats being leveraged against Middle Eastern targets.

One case was that of a group described as Stealth Falcon and FruityArmor which had reportedly targeted journalists and activists. In 2016, this group used malware sold by the Israel-based NSO Group, which leveraged three iOS zero-days.

Another group, dubbed SandCat, was suspected to be linked to Uzbekistan's state intelligence service and had been observed using zero-days in operations. The source of the vulnerabilities was once again suspected to be the NSO Group.

A third group that was cited was BlackOasis, which was claimed to have acquired at least one zero-day from private company Gamma Group.

Additionally, the FireEye trio listed a zero-day in WhatsApp which was said to have been used to distribute spyware developed by the NSO Group.

While Metrick, Najafi and Semrau listed Chinese, North Korean and Russian groups as examples of major cyber powers exploiting zero-days, there was no mention of any American involvement, even though the US was said to have used nine zero-days, as mentioned above.

This may be because the main agency in the US developing and using offensive cyber tools, the NSA, outsources a lot of its work and security firms are reluctant to talk about such exploits for fear of losing lucrative contracts.

The FireEye researchers said it appeared that access to zero-day capabilities was being more and more commodified and said there could be two main reasons for this.

"Private companies are likely creating and supplying a larger proportion of zero-days than they have in the past, resulting in a concentration of zero-day capabilities among highly resourced groups," they wrote.

"Private companies may be increasingly providing offensive capabilities to groups with lower overall capability and/or groups with less concern for operational security, which makes it more likely that usage of zero-days will be observed."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


