
In this blog series we spotlight one of the stories from our cybersecurity newsletter, Beacon.
Operation Zero, a “zero-day company” that exclusively procures and sells exploits to Russian private and government organizations, announced on Thursday that it’s seeking vulnerabilities in the messaging app Telegram.
The company provided the prices it is willing to pay for particular types of exploits:
- $500k for a “one-click” remote code execution (RCE) exploit.
- Up to $1.5m for a zero-click RCE exploit.
- Up to $4 million for a “full chain” of exploits.
Operation Zero is an exploit broker that first emerged in 2021. In 2023, it gained notoriety for offering (ironically on its Telegram accounts) up to $20 million for exploits impacting Android and iPhone devices.
Operation Zero’s current focus on Telegram may be due to a number of factors, including the app’s popularity in Russia and Ukraine.
Zero-days are vulnerabilities that are unknown to the software developer. The lack of awareness of the flaw leaves companies particularly vulnerable to exploitation, which is why zero-days are priced so highly.
Listen to our recent podcast episode, “Encrypted Communication Apps: From Telegram to EncroChat”, to find out more about how Telegram is viewed in the cybercriminal community, and about alternative apps such as Signal, Tox, and Jabber.