DOJ: Former Trenchant executive sold stolen hacking tools to Russian government-linked broker
U.S. prosecutors said Peter Williams, a former executive at Trenchant (a hacking and surveillance tools unit of U.S. defense contractor L3Harris), stole and sold eight hacking tools/exploits to a Russian company that counts the Russian government among its customers. The Department of Justice said the sales directly harmed the U.S. intelligence community and that the tools could have been used to enable indiscriminate government surveillance, cybercrime, and ransomware at global scale, potentially affecting millions of computers and devices, including in the United States.
Williams, an Australian national, pleaded guilty in October to trade secret theft tied to the sales, which prosecutors said generated more than $1.3 million in cryptocurrency between 2022 and 2025. Ahead of his expected Feb. 24 sentencing in Washington, D.C., prosecutors filed a sentencing memorandum seeking nine years in prison, three years of supervised release, $35 million in restitution, and a $250,000 fine; the filing also indicates Williams is expected to be deported to Australia after serving his sentence, and notes he submitted a letter expressing regret.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Williams scheduled for sentencing in Washington, D.C.
Williams was scheduled to be sentenced on February 24, 2026, in Washington, D.C. The hearing followed his guilty plea and the Justice Department's request for a lengthy prison term.
DOJ sought nine-year sentence ahead of Feb. 24 hearing
In a sentencing memorandum disclosed in February 2026, U.S. prosecutors asked the court to sentence Williams to nine years in prison, along with supervised release, restitution, fines, and deportation to Australia after imprisonment. The filing said the stolen tools could enable surveillance, cybercrime, and ransomware at global scale.
Williams pleaded guilty to trade secret theft charges
Peter Williams pleaded guilty in October 2025 to charges tied to stealing and selling Trenchant's surveillance and hacking tools. Prosecutors said the conduct harmed the U.S. intelligence community and exposed tools capable of compromising millions of devices.
Peter Williams sold eight Trenchant exploits to a Russian broker
According to U.S. prosecutors, former Trenchant general manager Peter Williams stole and sold eight hacking tools or exploits from his employer between 2022 and 2025. The sales allegedly brought in more than $1.3 million in cryptocurrency and involved a Russian exploit broker with Russian government customers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Infosec exec sold eight zero-day exploit kits to Russia: DoJ • The Register
go.theregister.com
Open sourceFormer Trenchant exec’s sale of trade secrets harmed US intelligence | SC Media
scworld.com
Open sourceDOJ says Trenchant boss sold exploits to Russian broker capable of accessing 'millions of computers and devices' | TechCrunch
techcrunch.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ex-L3Harris Executive Pleads Guilty to Selling Zero-Day Exploits to Russian Broker
Peter Williams, a former executive at L3Harris subsidiary Trenchant, pleaded guilty in U.S. federal court to two counts of theft of trade secrets after admitting to selling at least eight sensitive cyber-exploit components, including zero-day vulnerabilities, to a Russian software broker. The stolen materials, intended exclusively for the U.S. government and its allies, were sold over a three-year period from 2022 to 2025 in exchange for millions of dollars in cryptocurrency. U.S. prosecutors stated that Williams signed multiple contracts with the Russian broker, which publicly advertises itself as a reseller of cyber exploits to clients including the Russian government, and that the offenses cost L3Harris $35 million in damages. Williams, who previously worked for the Australian Signals Directorate, used encrypted communications to facilitate the transactions and used the proceeds to purchase luxury items. The Russian broker, identified in court as "Company 3" and believed to be Operation Zero, is known for seeking mobile exploits for non-NATO clients. Williams faces a potential prison sentence of 87 to 108 months, fines up to $300,000, and restitution of $1.3 million, and is currently under house arrest pending sentencing. Authorities highlighted the national security risks posed by the sale of these sophisticated cyber tools to foreign actors outside the U.S. and its allies.
Mar 21, 2026
L3Harris Executive Charged with Selling Stolen Trade Secrets to Russia
Federal prosecutors have charged Peter Williams, a former executive at L3Harris Technologies’ cyber division, with stealing eight trade secrets from two unnamed companies and selling them to a Russian buyer for over $1.3 million. Williams, an Australian national who led Trenchant—a division specializing in hacking and surveillance tools for Western intelligence agencies—allegedly misappropriated confidential proprietary data between 2022 and 2025. Authorities are seeking to seize assets tied to the illicit profits, including real estate, luxury items, and funds in multiple bank and cryptocurrency accounts. The Department of Justice has not accused L3Harris or Trenchant of any wrongdoing, and the nature of the stolen trade secrets remains undisclosed. Court documents indicate that Williams systematically transferred sensitive information over a period of more than three years, with the case surfacing after an internal investigation at Trenchant reportedly triggered by a leak of hacking tools. While Williams was reportedly arrested, federal officials later clarified he is not in federal custody. The Russian recipient of the stolen data has not been identified, and L3Harris has not commented on the case. An arraignment and possible plea agreement are scheduled in Washington, D.C., as authorities continue to investigate the extent of the breach and its implications for national security.
Mar 21, 2026
Peter Williams Sells U.S. Cyber Exploits to Russian Broker
Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant and ex-employee of Australia's ASD, pleaded guilty to stealing and selling eight sensitive cyber-exploit components to a Russian 0day broker known as Operation Zero. The exploits, which were intended for exclusive use by the U.S. government and select allies, were sold over a three-year period from 2022 to 2025, netting Williams approximately $1.3 million. The Russian broker, Operation Zero, is known for reselling exploits to non-NATO buyers, including the Russian government. The U.S. Department of Justice did not specify which exploits were stolen, but reports indicate that L3Harris Trenchant had teams working on Google Chrome and iOS 0days, and the company was already investigating a possible leak of its tools prior to Williams' arrest. Williams was reportedly in charge of the internal investigation into the leaks and had fired a security researcher suspected of involvement, though the researcher denied access to the relevant vulnerabilities. The case highlights the significant insider threat posed by trusted individuals with access to sensitive cyber capabilities, and underscores the risks of advanced cyber weapons falling into the hands of adversarial nation-states. The incident has raised concerns about the security of exploit development programs and the potential for further leaks or misuse of advanced cyber tools by hostile actors.
Mar 21, 2026