Attack exploiting a software vulnerability unknown to the vendor with no available patch
A zero-day exploit is a cyberattack that takes advantage of a software vulnerability unknown to the vendor or the public, meaning there have been "zero days" of awareness and no patch is available. Zero-day vulnerabilities are extremely valuable because they provide guaranteed access to target systems until the flaw is discovered and fixed.
The U.S. intelligence community is one of the world's largest consumers of zero-day exploits. The NSA's Tailored Access Operations (TAO) unit — now called Computer Network Operations — develops and deploys zero-day exploits for intelligence collection and offensive cyber operations. The CIA's Center for Cyber Intelligence maintained its own arsenal, as revealed by the WikiLeaks "Vault 7" release in 2017, which exposed CIA hacking tools targeting iPhones, Android devices, smart TVs, and computer operating systems.
The government's stockpiling of zero-day vulnerabilities creates a tension between offensive intelligence capabilities and defensive cybersecurity. Every vulnerability the NSA hoards for surveillance is a vulnerability that remains unpatched in systems used by American citizens, companies, and critical infrastructure. When the NSA's EternalBlue exploit was stolen and released by a group called the Shadow Brokers in 2017, it was used in the WannaCry ransomware attack that caused billions of dollars in damage worldwide.