The Russian zero seller offers up to $ 4 million for a telegram operation

Operation zero, a company that acquires and sells zero days exclusively to the Russian government and local Russian companies, Thursday That he is looking for feats for the popular Telegram message app and is ready to offer up to $ 4 million for them.

Exploit Broker offers up to $ 500,000 for remote code (RCE) “One Click”; up to $ 1.5 million for a zero click RCE; and up to $ 4 million for a “full chain” of feats, by presumption, relating to a series of bugs that allow hackers to move from access to the telegram of the target to their entire operating system or device.

Zero-day companies such as Operation Zero develop or acquire security vulnerabilities in popular operating systems and applications and then sell them again for a higher price. For the company to focus on Telegram makes sense, given the message app is particularly popular with users in both Russia and Ukraine.

Given the customers of the broker of operation-the Russian government, the public price, offers a rare view of the priorities within the market with a zero day, in particular that of Russia, a state market and cybersecurity, often covered secret.

It is not uncommon to operate brokers to advertise that they are looking for errors in specific applications or systems when they know that there is timely demand. This means that the Russian government may have told Operation Zero that it is looking for Telegram Bugs, which prompted the broker to publish what is essentially advertising and to offer higher payments because it knows that it can charge more the Russian government for them.

Operation Zero CEO Sergei Zelenik did not respond to TechCrunch’s request for comment.

Zero days There are vulnerabilities that are unknown to software or hardware manufacturers, which makes them particularly valuable in the growing industry of operational brokers – and those who want to buy them – because it gives hackers a greater chance of operating the target technology without the manufacturer or the goal of doing a lot for it.

RCE is One of the most precious types of disadvantages Because it allows hackers to take remote control of an application or operating system. Zero -clicking Do not require any interaction from the target, unlike the phishing attack, for example, which makes these bugs more precious.

Zero click, RCE Zero-Day is essentially the most valuable category of operation it has.

Telegram

The new Telegram Bugs Award comes as a Ukrainian government disable the use of Telegram The devices of government and military staff last year for fear that they may be particularly vulnerable to Russian government hackers.

Security and Confidentiality Experts have repeatedly warn This telegram should not be considered sure as competitors such as WhatsApp and signal. On the one hand, Telegram does not use end -to -end encryption and even when users activate it, the application does not use a well -known and audited end -to -end encryption that leads leading Crypto experts like Matthew Green To warn that “most of the telegram’s conversations one to one-and-literally group chat is probably seen on Telegram servers.”

A person who has knowledge of the operation market said that the prices of Operation Zero for a telegram “are a little low”, but it could be because the Operation Zero expects to charge more, maybe twice or three times more when resold the feats.

The person who wanted to remain anonymous because he was not authorized to speak to the press said that Operation Zero could also sell them several times to different customers, and may also pay more prices depending on some criteria.

“I don’t think they will actually pay full (price). There will be some lane that is not clear and they will only make a partial payment,” they said. “Which is a bad business, if you ask me, but with all the anonymous there is no real incentive not to f – k over the operating writer.”

Another person who works in the zero -day industry said the prices advertised by Operation Zero are not “wild off”. But they also said that it depends on whether there were factors such as exclusivity and whether this price took into account the fact that the Zero operation would then develop the operation again or examine them again as a broker.

Prices of zero days as a whole have increased in the last few years As applications and platforms become more difficult to hack. As TechCrunch reported in 2023, zero day for WhatsApp can cost up to $ 8 million at the timeA price that also takes into account how popular the application is.

Surgery zero before titles To offer $ 20 million for hacking tools that would allow hackers to take full control of iOS and Android devices. Currently, the company offers only $ 2.5 million for these types of bugs.