Evidence of the increasing commercialisation/commoditisation of cyber criminal activity…:
[…] While known threat groups accounted for a substantial portion of the activity, FireEye found that a wide range of other groups leveraged zero-day exploits as well. In particular, researchers from FireEye observed a significant increase over time in zero-day exploit activity by international governments, US and other law enforcement agencies, and other customers of companies selling offensive cyber weapons.
“From 2012 to 2016, the actors most frequently using zero-days tended to be among the most sophisticated,” says Kelli Vanderlee, manager of intelligence analysis at FireEye Mandiant.
But since about 2017, the field has substantially diversified, at least partially due to the role of vendors offering offensive cyber threat capabilities.