The new political thriller series imagines a large-scale cyberattack on the US. How realistic is the show?

Zero Day Billboard with Robert DeNiro on Sunset Blvd on February 24, 2025 in Los Angeles, California, USA

“This will happen again.” The message flashes across smartphone screens as power, transit, air traffic control systems, phones, and life support systems simultaneously shut down for one minute. Chaos ensues, and it is up to Robert DeNiro as fictional former president George Mullen to get to the bottom of this massive cyberattack.  

Netflix’s political thriller “Zero Day,” released Feb. 20, portrays the impact of a devastating critical infrastructure attack on the United States, the race to find the culprit, and prevent another incident. InformationWeek talked to two cybersecurity experts who watched the show with professional interest. How much of the show is grounded in reality, and how much of it is pure dramatization?  

What Could Actually Happen?

Zero days, the namesake of the show, are vulnerabilities that developers are not aware of and are very real cybersecurity risks. In 2023, 11 of the top 15 common vulnerabilities and exposures (CVEs) were exploited as zero days, according to a report from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA). Attacks on critical infrastructure are also firmly rooted in reality.  

Full series spoiler warning — how the cyberattack unfolds in “Zero Day” gives reason for experts to raise their eyebrows. A single attack taking down multiple systems all at once is a far-fetched scenario. Even characters in the show note this isn’t what you’d expect of a typical zero-day attack. 

Related:How to Overcome the Quantum Threat

”They say that a zero day typically targets a single operating system, a single platform. This targeted multiple … we didn’t think that was possible,” Kevin Breen, senior director of cyber threat research at cybersecurity training company Immersive, tells InformationWeek. “I like that they call that out really early on.” 

Russia is immediately considered the top suspect behind the attack portrayed on “Zero Day.”  In reality, Russia is considered one of the top nation state cyber threats to the US. The initial investigation on the Netflix series points in the direction of Russia, but the clues are intentionally misleading. 

Threat analysts investigating real-world incidents are well aware that threat actors will deploy deceptive techniques to make attribution more difficult. “They might make their malware look like it was written by another state or by a specific group to try and throw researchers off,” says Breen.  

And that ominous message on the phone? A possibility, given the ubiquity of certain apps and the right access. “They could be weaponized to show that kind of message,” says Breen. 

The show features two more cyberattacks after the initial incident that kicks off the drama: one on a bank and another that takes out swaths of critical systems again, this time for a longer period.  

Banks are certainly targets of real-life attacks with major consequences. Earlier this year, due to a third-party vendor issue and not a cyberattack, Capital One and several other banks suffered an outage that impacted thousands of customers.   

A second cyberattack on the same system is not too much of a stretch either. Research indicates that once an organization has experienced a cyberattack it is more likely to suffer another within 12 months.  

As the show progresses, it comes to light that Russia is not the culprit. Rather, it is an elaborate conspiracy involving a domestic cyber threat group, a couple of billionaires, and members of the government. While that exact scenario may be hard to imagine actually happening, the idea of insider threats is very real. In the 2024 Insider Threat report from Cybersecurity Insiders, 83% of organizations reported experiencing an insider attack.  

Monica Kidder, the tech billionaire of “Zero Day,” decides to help orchestrate the attacks on critical systems in retaliation for a Federal Trade Commission (FTC) investigation into her company. She gets her hands on malware originally created by the NSA and pushes it out through her company’s apps to execute the attack. 

How feasible is this plot? “If this was originally created by the National Security Agency, nobody really knows what their capabilities are,” John Waller, cybersecurity practice lead at Black Duck, a provider of application security solutions, points out.  

Coupled with the resources of billionaires and government coconspirators, the possibilities are certainly frightening.  

The concept of a backdoor in systems is one we have seen. In 2024, a Microsoft engineer discovered a backdoor inserted into software used in Linux distributions. This particular backdoor was caught early, before it made it into mainline distribution.  

“Somebody out there who put it in there would have had the ability to have command and control over virtually every server in the world that runs on Linux operating system that was updated to that version,” says Waller.  

Threat actor access to critical systems is certainly a point of major concern. China-backed APT groups breached US telecommunications companies and the US Department of Treasury. And there is ongoing worry over persistent access that is laying the groundwork for destructive cyberattacks.  

Of course, being a television show, “Zero Day” takes creative liberties. The idea of turning off so many critical systems for a minute and then just as quickly turning them back on requires some suspension of disbelief for cybersecurity experts.  

“So, turning something off, arguably easier than getting it back on,” says Breen.  

While billions of dollars undoubtedly buy a lot of power when it comes to cyberattack capabilities, Breen is skeptical that Kidder would have been able to pull off the technical aspects of the attack with the help of just a handful of people.  

“You’d have to have the entire development team on board with your methodology to get past all of the CI/CD and the code checks. It’s not like it’s a single developer who can just make those changes and push them,” says Breen.  

Even if a few people were able to pull off this gigantic cyberattack with a stolen piece of malware that can somehow compromise so many different kinds of systems all at once, Waller is skeptical that its work would happen so invisibly.  

“To think of that there’s some technology, some way of bypassing all of our logging and monitoring systems, that’s probably the hardest thing that I have to believe,” says Waller.  

And what about the response to the cyberattack in the series? Naturally, the timeline for incident response is condensed and inflated in various ways for good storytelling, according to Breen.  

The team involved is also much narrower than what would likely occur in reality. Mullen leads a government team to get to the bottom on the attack. In reality, there would likely be much more public-private coordination, given just how many different systems are involved.  

“The task force wouldn’t have just been a government agency. It would have been bringing together tech to solve the problem,” says Waller.  

While “Zero Day” does make references to switching to analog technologies in the wake of the cyberattack, many of the characters continue to use their smartphones, despite the widespread compromise of those devices.  

“If I was an attacker and I had that level of access to be able to put those kinds of things onto devices, I’d be intercepting phone calls, I’d be stealing documents, capturing passwords,” Breen points out.  

Prior to Breen’s work in cybersecurity, he spent time as a radio technician for the British Army. He calls out the threat actors’ use of radios to send encoded messages to one another.  

“That is pure fiction. We have [the] modern technology to be able to run encrypted communications over radios and long distances without relying on number codes or sequences that can be trivially broken,” he explains.  

Lessons from a Fictional Cyberattack 

“Zero Day” is meant to be entertaining and aims to keep viewers guessing with its increasingly nefarious conspiracy, lingering suspicions about a neurological weapon, and sticky questions about what is and isn’t truth. Not every aspect of the cyberattacks depicted in the show are in the immediate realm of possibility, but the ongoing threat and goals of these attacks are real.  

“The chances of that huge style of attack still remain in Hollywood myth, but that doesn’t mean that we shouldn’t do everything we can to protect ourselves against it,” says Breen.