Peter Williams Sells U.S. Cyber Exploits to Russian Broker
Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant and ex-employee of Australia's ASD, pleaded guilty to stealing and selling eight sensitive cyber-exploit components to a Russian 0day broker known as Operation Zero. The exploits, which were intended for exclusive use by the U.S. government and select allies, were sold over a three-year period from 2022 to 2025, netting Williams approximately $1.3 million. The Russian broker, Operation Zero, is known for reselling exploits to non-NATO buyers, including the Russian government. The U.S. Department of Justice did not specify which exploits were stolen, but reports indicate that L3Harris Trenchant had teams working on Google Chrome and iOS 0days, and the company was already investigating a possible leak of its tools prior to Williams' arrest.
Williams was reportedly in charge of the internal investigation into the leaks and had fired a security researcher suspected of involvement, though the researcher denied access to the relevant vulnerabilities. The case highlights the significant insider threat posed by trusted individuals with access to sensitive cyber capabilities, and underscores the risks of advanced cyber weapons falling into the hands of adversarial nation-states. The incident has raised concerns about the security of exploit development programs and the potential for further leaks or misuse of advanced cyber tools by hostile actors.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
ThreatsDay bulletin reports multiple newly surfaced cyber threats
A ThreatsDay bulletin highlighted several developments including a DNS poisoning flaw, a supply-chain compromise, a Rust malware evasion technique, and newly emerging remote access trojans. The reference does not provide discrete underlying event dates, so the bulletin publication date is used.
Former ASD employee Peter Williams pleads guilty over exploit sales to Russia
Peter Williams, a former employee of the Australian Signals Directorate, pleaded guilty to selling eight software exploits to Russia. The reference provides no additional timing details beyond the publication date.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ex-L3Harris Executive Pleads Guilty to Selling Zero-Day Exploits to Russian Broker
Peter Williams, a former executive at L3Harris subsidiary Trenchant, pleaded guilty in U.S. federal court to two counts of theft of trade secrets after admitting to selling at least eight sensitive cyber-exploit components, including zero-day vulnerabilities, to a Russian software broker. The stolen materials, intended exclusively for the U.S. government and its allies, were sold over a three-year period from 2022 to 2025 in exchange for millions of dollars in cryptocurrency. U.S. prosecutors stated that Williams signed multiple contracts with the Russian broker, which publicly advertises itself as a reseller of cyber exploits to clients including the Russian government, and that the offenses cost L3Harris $35 million in damages. Williams, who previously worked for the Australian Signals Directorate, used encrypted communications to facilitate the transactions and used the proceeds to purchase luxury items. The Russian broker, identified in court as "Company 3" and believed to be Operation Zero, is known for seeking mobile exploits for non-NATO clients. Williams faces a potential prison sentence of 87 to 108 months, fines up to $300,000, and restitution of $1.3 million, and is currently under house arrest pending sentencing. Authorities highlighted the national security risks posed by the sale of these sophisticated cyber tools to foreign actors outside the U.S. and its allies.
Mar 21, 2026
Ex-L3Harris Trenchant executive jailed as US sanctions Russian zero-day broker Operation Zero
A former L3Harris executive, **Peter Williams**, was sentenced to **87 months (about seven years)** in U.S. federal prison after pleading guilty to **theft of trade secrets** tied to the removal and sale of **at least eight zero-day exploit components/cyber tools** from *Trenchant* (L3Harris’ specialized unit supplying exploits to the U.S. government and select allies). Prosecutors said the stolen materials were intended for restricted government use; Williams allegedly leveraged his access over several years, received **about $1.3 million in cryptocurrency**, and the theft was estimated to have caused **$35 million** in losses to the contractor. Court reporting also noted Williams’ prior service with Australia’s signals intelligence community and that Trenchant traces back to L3Harris’ acquisition of Australian exploit-focused firms. The U.S. Treasury’s **OFAC** simultaneously imposed sanctions on **Operation Zero**—a St. Petersburg-based Russian exploit brokerage—and its founder **Sergey Zelenyuk**, citing national security risks from acquiring and reselling zero-days and related tooling that could enable **ransomware** or other malicious activity. U.S. officials said Operation Zero obtained the stolen Trenchant tools and then resold them to **unauthorized users**, and multiple reports linked the sanctions action to the Williams case (where the buyer was previously anonymized in court as “Company 3”). Reporting also described Operation Zero’s public market for high-value mobile and app exploits (including past offers for Android, iOS, and Telegram), its marketing toward **non-NATO** customers and foreign intelligence services, and additional U.S. measures including State Department sanctions and action under the **Protecting American Intellectual Property Act**, plus sanctions on an affiliated UAE entity **Special Technology Services (STS)** and other associated parties.
Mar 21, 2026
DOJ: Former Trenchant executive sold stolen hacking tools to Russian government-linked broker
U.S. prosecutors said **Peter Williams**, a former executive at *Trenchant* (a hacking and surveillance tools unit of U.S. defense contractor **L3Harris**), stole and sold **eight hacking tools/exploits** to a **Russian company** that counts the Russian government among its customers. The Department of Justice said the sales **directly harmed the U.S. intelligence community** and that the tools could have been used to enable **indiscriminate government surveillance**, **cybercrime**, and **ransomware** at global scale, potentially affecting **millions of computers and devices**, including in the United States. Williams, an Australian national, pleaded guilty in October to trade secret theft tied to the sales, which prosecutors said generated **more than $1.3 million in cryptocurrency** between 2022 and 2025. Ahead of his expected Feb. 24 sentencing in Washington, D.C., prosecutors filed a sentencing memorandum seeking **nine years in prison**, **three years of supervised release**, **$35 million in restitution**, and a **$250,000 fine**; the filing also indicates Williams is expected to be **deported to Australia** after serving his sentence, and notes he submitted a letter expressing regret.
Mar 21, 2026