A recent analysis by Google Cloud’s Threat Intelligence team identified an alarming increase in the exploitation of zero-day vulnerabilities by state-sponsored actors from China and North Korea. This marks the first instance where North Korea’s volume of exploits matches that of China. According to John Hultquist, chief analyst at Google Threat Intelligence Group, both countries have developed extensive ecosystems involving academics, contractors, and government entities to systematically identify and exploit these vulnerabilities.
Hultquist highlights a concerning trend where North Korean operatives disguise themselves as remote IT professionals to infiltrate Western companies. These operatives are seamlessly blending into the workforce, often receiving favorable performance evaluations under false pretenses. This infiltration poses a significant threat to corporate security, as these individuals can gain access to sensitive information and networks.
During an interview at the RSAC Conference 2025 with Information Security Media Group, Hultquist elaborated on how attackers are increasingly targeting unmonitored edge appliances using zero-day vulnerabilities to penetrate networks. He emphasized the organized efforts by nation-states like China and North Korea to exploit these vulnerabilities on a large scale. The interview also underscored the importance of collaboration between HR and cybersecurity teams to effectively detect and prevent such intrusions.
Hultquist has a rich background in cyberespionage intelligence, having established the cyberespionage intelligence practice at iSIGHT Partners before it was acquired by Mandiant. He has over two decades of experience in intelligence and special operations, primarily focusing on emerging cyber threats. He also founded Cyberwarcon and Sleuthcon and teaches at Johns Hopkins University. His insights reveal the critical need for enhanced vigilance and strategic countermeasures against state-sponsored cyber threats.