Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero

A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker.

Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty in October 2025 to two counts of trade secret theft. The court also imposed three years of supervised release and ordered him to forfeit assets, including property, luxury items, and cryptocurrency proceeds.

“Today, Peter Williams, 39, an Australian national, was sentenced in the U.S. District Court for the District of Columbia to 87 months in prison for selling his employer’s trade secrets — sensitive and protected cyber-exploit components — to a Russian cyber-tools broker, announced the Department of Justice.” reads the press release published by DoJ. “In addition to the 87-month prison term, U.S. District Court Judge AliKhan for the District of Columbia ordered Williams to serve three years of supervised release with special conditions, to forfeit a money judgment of $1.3 million, cryptocurrency and property to include a house, and luxury items such as watches and jewelry. The Court also set a restitution hearing for May 12, 2026.”

In October 2025, the journalist Kim Zetter revealed the case’s connection to Operation Zero, which had occurred the previous year.

“The former executive of Trenchant who pleaded guilty this week to selling his company’s software hacking tools to a zero-day broker in Russia, sold at least one of these tools to the Russian firm even after learning that a previous tool he sold the broker was being used by a South Korean broker – indicating that the stolen tools were being passed on to others downstream.” wrote Zetter. “In June 2025, he signed an agreement with the Russian buyer to sell stolen code for $500,000 and transmitted the code to the buyer just days before he met with the FBI to discuss their investigation in to the theft of Trenchant’s code.”

Trenchant sells zero-day exploits and advanced hacking tools exclusively to the U.S. government and a limited group of allied governments, likely including Australia. Williams worked for the Australian Signals Directorate in the 2010s, conducting cyber espionage similar to the U.S. NSA. After leaving ASD, he joined a company that later became L3Trenchant. The firm emerged in 2018 after L3Harris acquired Australian exploit developers Azimuth and Linchpin Labs, both known for supplying zero-days and hacking tools to the U.S. and allied governments.

Court documents say the stolen exploits could target civilian and military victims worldwide, enabling fraud, ransomware, espionage, and offensive cyber operations. According to court documents, Williams abused his senior role and sold the tools for up to $4 million in cryptocurrency, potentially exposing millions of devices. Over three years, from 2022 to 2025, eight zero-day exploit components were stolen from L3Harris. The tools, intended only for the U.S. government and select allies, caused an estimated $35 million in losses.

“Williams took trade secrets comprised of national security software and sold them for up to $4 million in crypto currency. These incredibly powerful tools would have allowed Russia to access millions of digital devices,” said U.S. Attorney Jeanine Pirro for the District of Columbia. “By betraying a position of trust and selling sensitive American technology, Williams’ crime is not only one of theft, it is a crime of national security. Our nation’s defense capabilities are not commodities to be auctioned off. People like Williams who endanger our national security will be met with swift and decisive consequences.”

The U.S. State Department designated Operation Zero, its director Sergey Sergeyevich Zelenyuk, and Special Technology Services LLC FZ (STS) under the Protecting American Intellectual Property Act over the stolen trade secrets. Zelenyuk, a Russian national, founded STS in the UAE to expand operations across Asia and the Middle East and likely bypass U.S. sanctions.

OFAC is sanctioning individuals and companies linked to Zelenyuk, including his assistant Marina Vasanovich and UAE-based STS, for acting on his behalf. Azizjon Mamashoyev and Oleg Kucherov, former Operation Zero associates—with Kucherov tied to the Trickbot gang—are also designated for materially supporting Zelenyuk. Advance Security Solutions, Mamashoyev’s UAE/Uzbekistan exploit brokerage, is sanctioned for similar reasons.

Russian national Sergey Zelenyuk has run Operation Zero, based in St. Petersburg, since 2021 as an exploit broker. The company offers large bounties for exploits targeting widely used software, including U.S. operating systems and encrypted messaging apps, without notifying developers, allowing customers to use them for ransomware or other malicious activities.

“In advertisements and other public-facing materials, Zelenyuk and Operation Zero have stated that they will only sell the exploits they acquire to customers from non-NATO countries.  Zelenyuk, through Operation Zero, has sought to sell exploits to foreign intelligence agencies.  Zelenyuk and Operation Zero have also sought to develop other cyber intelligence systems, including spyware and methods to extract personal identifying information and other sensitive data uploaded by users of artificial intelligence applications like large language models.” reads the press release by the US Treasury. “Operation Zero has sought to recruit hackers to support its activities and develop business relationships with foreign intelligence agencies through use of social media.”

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)