Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities

Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of threat actors, particularly China-nexus groups.

These adversaries are deploying custom malware ecosystems, exploiting zero-day vulnerabilities in security appliances, and utilizing proxy networks resembling botnets to evade detection.

Their tactics also include targeting edge devices lacking endpoint detection and response (EDR) capabilities and employing bespoke obfuscation techniques in malware.

This concerted effort to bypass traditional defenses enables prolonged persistence within compromised systems, posing significant challenges to cybersecurity teams worldwide.

Diverse Attack Vectors and Opportunistic Exploits

While high-complexity attacks are on the rise, Mandiant’s findings reveal that many successful breaches stem from simpler, opportunistic methods.

Stolen credentials, often harvested through infostealer operations, have surged to become the second most common initial infection vector, accounting for 16% of investigated incidents in 2024, trailing only exploits at 33%.

Additionally, attackers are capitalizing on missteps during cloud migrations and targeting unsecured data repositories to pilfer sensitive information.

The report also notes a steady increase in financially motivated threat groups, comprising 55% of active actors in 2024, while espionage-driven groups account for 8%.

Key industries under siege include financial services (17.4%), business and professional services (11.1%), and high tech (10.6%), underscoring the broad scope of these threats.

The M-Trends 2025 report, based on over 450,000 hours of incident response investigations from January to December 2024, uncovers other alarming trends.

Global median dwell time for adversaries has risen to 11 days, up from 10 in 2023. Dwell time is considerably longer (26 days) when detection is triggered by an external notification, compared with a mere 5 days in ransomware cases where the adversaries disclose themselves.

Emerging threats include DPRK operatives posing as remote IT contractors to fund national agendas, Iran-nexus actors intensifying operations against Israeli targets, and increased exploitation of cloud-based single sign-on portals for widespread access.

Additionally, Web3 technologies like cryptocurrencies are becoming prime targets for theft and illicit financing.

Mandiant urges organizations to adopt a multi-layered security posture to counter these evolving threats.

Prioritizing fundamentals such as vulnerability management, least privilege principles, and system hardening is critical.

Implementing FIDO2-compliant multi-factor authentication for all accounts, especially privileged ones, can thwart credential theft.

Organizations should also bolster detection with advanced technologies, enhance logging and monitoring to shrink dwell times, and conduct threat hunting to uncover hidden compromises.

Cloud environments demand rigorous audits to address misconfigurations, while insider risks require stringent vetting and access controls, particularly for remote workers.

Staying abreast of threat intelligence and regularly updating security policies are equally vital to adapt to this dynamic landscape.

With these insights from the frontlines, Mandiant’s M-Trends 2025 serves as a crucial guide for defenders aiming to stay one step ahead of increasingly sophisticated adversaries.

Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
