Ex-L3Harris Executive Pleads Guilty to Selling Zero-Day Exploits to Russian Broker
Peter Williams, a former executive at L3Harris subsidiary Trenchant, pleaded guilty in U.S. federal court to two counts of theft of trade secrets after admitting to selling at least eight sensitive cyber-exploit components, including zero-day vulnerabilities, to a Russian software broker. The stolen materials, intended exclusively for the U.S. government and its allies, were sold over a three-year period from 2022 to 2025 in exchange for millions of dollars in cryptocurrency. U.S. prosecutors stated that Williams signed multiple contracts with the Russian broker, which publicly advertises itself as a reseller of cyber exploits to clients including the Russian government, and that the offenses cost L3Harris $35 million in damages.
Williams, who previously worked for the Australian Signals Directorate, used encrypted communications to facilitate the transactions and used the proceeds to purchase luxury items. The Russian broker, identified in court as "Company 3" and believed to be Operation Zero, is known for seeking mobile exploits for non-NATO clients. Williams faces a potential prison sentence of 87 to 108 months, fines up to $300,000, and restitution of $1.3 million, and is currently under house arrest pending sentencing. Authorities highlighted the national security risks posed by the sale of these sophisticated cyber tools to foreign actors outside the U.S. and its allies.

How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Peter Williams pleaded guilty in U.S. case over stolen cyber exploits
On or before October 29, 2025, Williams pleaded guilty to stealing trade secrets and selling cyber exploit components to a Russian broker. Prosecutors also sought forfeiture of assets allegedly purchased with the proceeds, including a house, luxury goods, and about $1.3 million in cryptocurrency and bank funds.
Williams sold eight exploit components to Russian broker Operation Zero
Over roughly three years, Williams sold at least eight stolen exploit components, reportedly including Chrome and iOS zero-days, to the Russian cyber-tools broker Operation Zero for millions in cryptocurrency. The sales allegedly benefited Russian cyber actors and provided access to non-NATO buyers, including the Russian government.
Peter Williams exfiltrated sensitive exploit components from his employer
According to the Justice Department reporting summarized in the references, former defense contractor executive Peter Williams stole national-security software containing at least eight sensitive cyber-exploit components intended only for the U.S. and its allies. The theft occurred before and during a multi-year scheme in which the material was removed from his employer, identified in reporting as L3Harris Trenchant.
Sources
7 references tracked.
Peter Williams, Ex-ASD, Pleads Guilty to Selling Eight Exploits to Russia (lawfaremedia.org)
The Good, the Bad and the Ugly in Cybersecurity – Week 44 (sentinelone.com)
Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia (securityaffairs.com)
US Defense Contractor Boss Sold Zero Days to Russia — Cops a Plea (securityboulevard.com)
Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm (wired.com)
Former Trenchant exec pleads guilty to selling cyber exploits to Russian broker (therecord.media)
Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker (cyberscoop.com)


