INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Ex-L3Harris exec jailed for 7 years selling zero-day exploits
| 2026-02-25 13:44 CRITICAL LOWExecutive Summary AI-generated
A former L3Harris executive, Peter Williams, has been sentenced to 87 months in prison for selling trade secrets to Russia. The Australian admitted to stealing eight exploits over a three-year period and sold them via encrypted means to a Russian bidder, resulting in a $35 million loss to the US and its geopolitical allies. Williams' actions led to significant national security risks and financial harm, with his restitution hearing scheduled for May 12. His prison sentence also came with an order to forfeit $1.3 million in cash and luxury items purchased using stolen funds. The incident highlights the importance of protecting intellectual property and preventing cyber espionage, as sanctioned individuals and companies continue to carry out similar activities worldwide.
Technical Mitigations AI-generated
* Implement robust access controls and authentication mechanisms to prevent unauthorized personnel from accessing sensitive information or systems.
* Conduct regular security audits and penetration testing to identify vulnerabilities and weaknesses in the organization's defenses.
* Utilize encryption technologies, such as end-to-end encrypted messaging apps or secure file storage solutions, to protect sensitive data both within and outside the organization.
* Establish a clear incident response plan that includes procedures for responding to potential breaches of sensitive information or systems.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation ZeroOperation Zero
Target & Sectors
NORTH_AMERICA
NORTH_AMERICA
FIVE_EYES
FIVE_EYES
governmentgovernment
defensedefense
technologytechnology
legallegal
Incident Timeline
2025-02-24
Peter Williams was jailed for 7 years.
Click on any entity below to view its context and source!
organisation
District Court
Peter Williams, 39,
admitted to two counts
of theft of trade secrets in U.S. District Court in Washington, D.C., last year, acknowledging he took at least eight exploits or exploit components while working at Trenchant, a specialized cybersecurity unit owned by L3Harris.
Between 2022 and 2025
Threat actors used a Russian exploit broker to steal at least eight protected exploit components from U.S. government and allied systems between 2022 and 2025, which were then sold to the broker for use by non-NATO buyers.
Click on any entity below to view its context and source!
target_region
Russian Federation
Between 2022 and 2025, Williams stole at least eight protected exploit components intended for the exclusive use of the U.S. government and its allies and sold them to the Matrix Russian exploit broker (doing business as Operation Zero), which advertises itself as a reseller of hacking tools to non-NATO buyers.
industry
Government
Between 2022 and 2025, Williams stole at least eight protected exploit components intended for the exclusive use of the U.S. government and its allies and sold them to the Matrix Russian exploit broker (doing business as Operation Zero), which advertises itself as a reseller of hacking tools to non-NATO buyers.
campaign
Operation Zero
Between 2022 and 2025, Williams stole at least eight protected exploit components intended for the exclusive use of the U.S. government and its allies and sold them to the Matrix Russian exploit broker (doing business as Operation Zero), which advertises itself as a reseller of hacking tools to non-NATO buyers.
attribution
non-NATO
Between 2022 and 2025, Williams stole at least eight protected exploit components intended for the exclusive use of the U.S. government and its allies and sold them to the Matrix Russian exploit broker (doing business as Operation Zero), which advertises itself as a reseller of hacking tools to non-NATO buyers.
2026-02-25
Peter Williams, an ex-L3Harris executive, was sentenced to 87 months in prison for selling eight zero-day exploits to a Russian broker.
Click on any entity below to view its context and source!
victims
3 Company
In court, the government referred to the buyer as “Company 3,” but details read aloud during the plea hearing pointed to Operation Zero, a Russian exploit broker that publicly markets itself online as a platform for purchasing zero-day vulnerabilities.
organisation
L3Harris
The former general manager of L3Harris's cyber arm will spend the next seven years behind bars for selling trade secrets to Russia.
organisation
The U.S. Treasury Department
"
The U.S. Treasury Department has also confirmed on Tuesday that the Russian broker was Operation Zero and
announced sanctions
against the company and its owner.
organisation
the U.S. Treasury
Additionally, Operation Zero was
one of two zero-day brokerages
sanctioned by the U.S. Treasury in a separate announcement made Tuesday.
organisation
Operation Zero
The Treasury confirmed that St Petersburg-based Operation Zero was the recipient of the eight exploits Williams sold, and the company then sold these on to at least one unauthorized user.
organisation
Treasury
The Treasury confirmed that St Petersburg-based Operation Zero was the recipient of the eight exploits Williams sold, and the company then sold these on to at least one unauthorized user.
organisation
BleepingComputer
BleepingComputer reached out to Operation Zero for comment, but we are still waiting for their response.
organisation
District Court
U.S. District Court Judge Loren AliKhan
sentenced Williams to 87 months in prison
on Tuesday and ordered him to forfeit $1.3 million, cryptocurrency, a house, and various other luxury goods.
financial
$1.3 Williams
U.S. District Court Judge Loren AliKhan
sentenced Williams to 87 months in prison
on Tuesday and ordered him to forfeit $1.3 million, cryptocurrency, a house, and various other luxury goods.
The Justice Department has estimated the theft caused $35 million in losses to the contractor, while prosecutors said Williams earned $1.3 million tied to the sales and should be ordered to pay that amount in restitution.
organisation
The Justice Department
The Justice Department has estimated the theft caused $35 million in losses to the contractor, while prosecutors said Williams earned $1.3 million tied to the sales and should be ordered to pay that amount in restitution.
financial
$35 theft
The Justice Department has estimated the theft caused $35 million in losses to the contractor, while prosecutors said Williams earned $1.3 million tied to the sales and should be ordered to pay that amount in restitution.
Williams acknowledged that his actions led to a $35 million loss to the US and its geopolitical allies, and harmed the intelligence communities of the US and his native Australia.
Prosecutors said that the theft caused $35 million in losses to L3Harris and that the stolen tools could have enabled access to millions of devices worldwide.
organisation
Azimuth Security
Trenchant’s origins are also part of the record: it was formed after
L3Harris acquired Azimuth Security
and Linchpin Labs, Australian firms associated with exploit development.
organisation
Neither Trenchant
Neither Trenchant nor L3Harris is accused of wrongdoing in the criminal case.
organisation
Special Technology Services LLC FZ
United Arab Emirates-based Special Technology Services LLC FZ (STS), another of Zelenyuk's companies, which the US believes was established to carry out similar business in Asia and the Middle East.
organisation
STS
United Arab Emirates-based Special Technology Services LLC FZ (STS), another of Zelenyuk's companies, which the US believes was established to carry out similar business in Asia and the Middle East.
organisation
Trump
"Treasury will continue to work alongside the rest of the Trump administration to protect sensitive American intellectual property and safeguard our national security."
organisation
Advance Security Solutions
Mamashoyev's company, Advance Security Solutions, an alleged exploit broker based in the UAE and Uzbekistan, was also sanctioned.
organisation
The Register
"
The Register
contacted Williams' legal representatives and L3Harris.
organisation
Zelenyuk
Zelenyuk and his company had openly stated that they would only sell exploits to non-NATO countries and had made efforts to develop their own products, such as
spyware
and ways of exfiltrating personal data from
AI products
.
Also sanctioned is
organisation
non-NATO
Zelenyuk and his company had openly stated that they would only sell exploits to non-NATO countries and had made efforts to develop their own products, such as
spyware
and ways of exfiltrating personal data from
AI products
.
Also sanctioned is
organisation
Marina Evgenyevna Vasanovich
Other individuals sanctioned include Marina Evgenyevna Vasanovich, Zelenyuk's assistant, Azizjon Makhmudovich Mamashoyev, and Oleg Vyacheslavovich Kucherov.
organisation
Office of Foreign Assets Control (OFAC
The actions taken by the Treasury's Office of Foreign Assets Control (OFAC) this week are the first made under the Protecting American Intellectual Property Act (PAIPA), which became law in 2023.
organisation
the Protecting American Intellectual Property Act
The actions taken by the Treasury's Office of Foreign Assets Control (OFAC) this week are the first made under the Protecting American Intellectual Property Act (PAIPA), which became law in 2023.
organisation
Trenchant
Williams used a portable external hard drive to transfer the exploits out of secure networks at Trenchant's offices in Sydney and Washington, D.C., before sending the stolen tools to the broker via encrypted channels.
organisation
Modern
Modern IT infrastructure moves faster than manual workflows can handle.
organisation
Tines
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
May 12
Threat actors used a Russian broker to sell exploits to the Russian Federation.
Click on any entity below to view its context and source!
target_region
Russian Federation
A restitution hearing is scheduled for May 12, but his prison sentence also came with an order to forfeit $1.3 million in cash, as well as the crypto, properties, and luxury items purchased using the Russian broker's money.
financial
$1.3 Williams
A restitution hearing is scheduled for May 12, but his prison sentence also came with an order to forfeit $1.3 million in cash, as well as the crypto, properties, and luxury items purchased using the Russian broker's money.
Tactical Metrics
Metrics
victims
3
Company
Click for context!
In court, the government referred to the buyer as “Company 3,” but details read aloud during the plea hearing pointed to Operation Zero, a Russian exploit broker that publicly markets itself online as a platform for purchasing zero-day vulnerabilities.
Metrics
financial
35,000,000
Theft
The Justice Department has estimated the theft caused $35 million in losses to the contractor, while prosecutors said Williams earned $1.3 million tied to the sales and should be ordered to pay that amount in restitution.
Williams acknowledged that his actions led to a $35 million loss to the US and its geopolitical allies, and harmed the intelligence communities of the US and his native Australia.
Prosecutors said that the theft caused $35 million in losses to L3Harris and that the stolen tools could have enabled access to millions of devices worldwide.
Metrics
financial
1,300,000
Williams
The Justice Department has estimated the theft caused $35 million in losses to the contractor, while prosecutors said Williams earned $1.3 million tied to the sales and should be ordered to pay that amount in restitution.
A restitution hearing is scheduled for May 12, but his prison sentence also came with an order to forfeit $1.3 million in cash, as well as the crypto, properties, and luxury items purchased using the Russian broker's money.
U.S. District Court Judge Loren AliKhan
sentenced Williams to 87 months in prison
on Tuesday and ordered him to forfeit $1.3 million, cryptocurrency, a house, and various other luxury goods.
Intelligence Sources
The Register - Cybercrime
2026-02-25
Ex-L3Harris exec jailed 7 years for selling exploits to Russia
The Register - Cybercrime
BleepingComputer
2026-02-25
CyberScoop
2026-02-24
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T07:20
Comprehensive Tactical Telemetry
Highly Correlated Entities
23x
organisation
Identified Entity
District Court
entity
9x
timeline
Temporal Reference
87 months
date
5x
source region
Origin Country
Australia
country
4x
target region
Target Country
Russian Federation
country
4x
industry
Targeted Sector
Government
sector
4x
attribution
Attributing Entity
the Australian Signals Directorate
authority
2x
tactic
Cyber Operation Type
Espionage
tactic
Contextual Telemetry
Context Block
6 METRICS
campaign
Campaign
Operation Zero
operation
victims
Company
3
company
financial
Theft
35,000,000
theft
financial
Williams
1,300,000
williams
source region
Origin Region
MIDDLE_EAST
region
target region
Target Region
FIVE_EYES
region
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.