Zero-day attacks attempt to exploit a software vulnerability that is undisclosed to the software vendor and, therefore, no patch is available at the time of the attack. Zero-days have been demonstrated in a number of targeted attacks, including the Stuxnet attack, which exploited four zero-day vulnerabilities in Microsoft Windows while targeting Iran's nuclear centrifuge facility. Zero-day attacks are normally used by well-funded nation-state cybercriminal groups in cyberespionage activities. They also pose a serious threat to business intellectual property because the custom malware bypasses detection by traditional antivirus. The aim of the attacks is to collect as much data as possible, remaining stealthy over an extended period of time.