A recent analysis by Google’s Threat Analysis Group (TAG) and Google Cloud’s Mandiant has suggested that government-backed threat actors are more likely to be behind most exploitations of zero-day vulnerabilities than money-motivated cyber criminals. 

In the report outlining the findings of the analysis, of the 58 zero-days in 2023 that could be attributed to the threat actor’s motivations, 48 of them were found to be attributable to government-backed advanced persistent threat (APT) groups conducting espionage activities. Only 10 were attributed to financially motivated cyber criminals, e.g. ransomware gangs. 

The report singled out the People’s Republic of China (PRC) as the state leading the way for government-backed exploitation.