Open Access
REVIEW
Unveiling Zero-Click Attacks: Mapping MITRE ATT&CK Framework for Enhanced Cybersecurity
1 School of Computing, Georgia Southern University, Statesboro, GA 30460, USA
2 Department of Computer and Information Science, University of Massachusetts Dartmouth, Dartmouth, MA 02747, USA
3 Department of Software Engineering, Daffodil International University, Dhaka, 1207, Bangladesh
4 School of Computing Sciences and Computer Engineering, University of Southern Mississippi, Hattiesburg, MS 39406, USA
5 Department of Computer Science, University of Texas at San Antonio, San Antonio, TX 78249, USA
6 Department of Computer Science and Engineering, National Institute of Textile Engineering and Research, Dhaka, 1350, Bangladesh
* Corresponding Authors: Md Shohel Rana; Anichur Rahman
Computers, Materials & Continua 2026, 86(1), 1-38. https://doi.org/10.32604/cmc.2025.069212
Received 17 June 2025; Accepted 18 September 2025; Issue published 10 November 2025
Abstract
Zero-click attacks represent an advanced cybersecurity threat, capable of compromising devices without user interaction. High-profile examples such as Pegasus, Simjacker, Bluebugging, and Bluesnarfing exploit hidden vulnerabilities in software and communication protocols to silently gain access, exfiltrate data, and enable long-term surveillance. Their stealth and ability to evade traditional defenses make detection and mitigation highly challenging. This paper addresses these threats by systematically mapping the tactics and techniques of zero-click attacks using the MITRE ATT&CK framework, a widely adopted standard for modeling adversarial behavior. Through this mapping, we categorize real-world attack vectors and better understand how such attacks operate across the cyber-kill chain. To support threat detection efforts, we propose an Active Learning-based method to efficiently label the Pegasus spyware dataset in alignment with the MITRE ATT&CK framework. This approach reduces the effort of manually annotating data while improving the quality of the labeled data, which is essential to train robust cybersecurity models. In addition, our analysis highlights the structured execution paths of zero-click attacks and reveals gaps in current defense strategies. The findings emphasize the importance of forward-looking strategies such as continuous surveillance, dynamic threat profiling, and security education. By bridging zero-click attack analysis with the MITRE ATT&CK framework and leveraging machine learning for dataset annotation, this work provides a foundation for more accurate threat detection and the development of more resilient and structured cybersecurity frameworks.
Copyright © 2026 The Author(s). Published by Tech Science Press. This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.