Designation of Russia-Based Zero-Day Exploits Broker and Affiliates for Theft of U.S. Trade Secrets
Summary:
A 39-year-old Australian national, Peter Williams, a former employee of U.S. defense contractor L3Harris, has been sentenced to 87 months in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars in cryptocurrency.
Williams pleaded guilty in October 2025 to two counts of theft of trade secrets and was also ordered to serve three years of supervised release, forfeit $1.3 million in illicit proceeds, cryptocurrency, property, and luxury items, and appear at a restitution hearing scheduled for May 12, 2026.
Prosecutors said the zero-day exploits, designed exclusively for use by the U.S. government and select allies, could have enabled large-scale cybercrime and state-directed operations, including espionage, ransomware, and attacks against military targets, and caused an estimated $35 million in losses to his employer.
Security Officer Comments:
The stolen components were sold to a Russian cyber-tools broker operated by Sergey Sergeyevich Zelenyuk, the director and owner of Operation Zero.
In parallel with the sentencing, the U.S. government announced sanctions against Zelenyuk, Operation Zero, and associated entities, including UAE-based Special Technology Services LLC FZ, under actions led by the Office of Foreign Assets Control and the United States Department of State.
Authorities said Operation Zero actively brokers zero-day exploits, has offered multimillion-dollar bounties for vulnerabilities in popular U.S. software and mobile platforms, and has sought to recruit hackers and establish relationships with foreign intelligence services. Officials further noted that Williams sold the tools to a broker whose customers include the Russian government, directly placing U.S. and allied national security at risk.
Link(s):
https://www.state.gov/releases/offi...nd-affiliates-for-theft-of-u-s-trade-secrets/
A 39-year-old Australian national, Peter Williams, a former employee of U.S. defense contractor L3Harris, has been sentenced to 87 months in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars in cryptocurrency.
Williams pleaded guilty in October 2025 to two counts of theft of trade secrets and was also ordered to serve three years of supervised release, forfeit $1.3 million in illicit proceeds, cryptocurrency, property, and luxury items, and appear at a restitution hearing scheduled for May 12, 2026.
Prosecutors said the zero-day exploits, designed exclusively for use by the U.S. government and select allies, could have enabled large-scale cybercrime and state-directed operations, including espionage, ransomware, and attacks against military targets, and caused an estimated $35 million in losses to his employer.
Security Officer Comments:
The stolen components were sold to a Russian cyber-tools broker operated by Sergey Sergeyevich Zelenyuk, the director and owner of Operation Zero.
In parallel with the sentencing, the U.S. government announced sanctions against Zelenyuk, Operation Zero, and associated entities, including UAE-based Special Technology Services LLC FZ, under actions led by the Office of Foreign Assets Control and the United States Department of State.
Authorities said Operation Zero actively brokers zero-day exploits, has offered multimillion-dollar bounties for vulnerabilities in popular U.S. software and mobile platforms, and has sought to recruit hackers and establish relationships with foreign intelligence services. Officials further noted that Williams sold the tools to a broker whose customers include the Russian government, directly placing U.S. and allied national security at risk.
Link(s):
https://www.state.gov/releases/offi...nd-affiliates-for-theft-of-u-s-trade-secrets/