Zero-day Broker Operation Zero Offers Up to $4 Million for Telegram Exploits
Russian zero-day broker Operation Zero is on the hunt for exploits for the popular messaging app Telegram, offering a whopping $4 million for successful discoveries. The news was first reported by Tech Crunch, and it's clear that this Russian firm is willing to pay top dollar for any vulnerabilities they can uncover.
Operation Zero exclusively sells exploits to the Russian government and local firms, and they're looking for specific types of exploits within the Telegram ecosystem. They're offering up to $500K for one-click Remote Code Execution (RCE) on Android devices, $1.5M for zero-click RCE on iOS devices, and a full $4M for a chain exploit that could potentially allow full device compromise.
The company is considering exploits across multiple platforms, including Android, iOS, and Windows, depending on the limitations of the zero-day vulnerability and the level of privilege obtained. This highlights just how serious the stakes are when it comes to Telegram security – with its end-to-end encryption and widespread use, an exploit could have significant implications for cyber espionage.
Given Telegram's current ban on government agencies, military, and critical infrastructure in Ukraine, it's no surprise that Operation Zero is eager to get their hands on any exploits they can find. In September 2024, Ukraine's National Coordination Centre for Cybersecurity (NCCC) took the unprecedented step of banning the messaging app across its public services due to national security concerns.
The ban was announced following a meeting focused on threats to national security posed by Telegram's use, particularly during the ongoing conflict between Russia and Ukraine. Chief of Ukraine's Defence Intelligence Kyrylo Budanov warned that Russian intelligence could potentially spy on Ukrainian entities accessing Telegram users' data, including deleted messages, which has raised serious concerns about the app's security.
"The issue of Telegram is not a matter of freedom of speech, it is a matter of national security," said Budanov. Representatives of the Security Service of Ukraine and the General Staff of the Armed Forces of Ukraine echoed these concerns, stating that Russia-linked threat actors are actively using Telegram for cyberattacks, spreading phishing and malware, geolocating users, adjusting missile strikes, etc.
Despite the ban on military and government devices, Ukrainian users continue to rely heavily on Telegram to communicate and receive news on ongoing conflicts. With zero-day prices rising as the level of security for messaging apps and mobile devices becomes harder to hack, it's clear that Operation Zero is willing to pay top dollar for any vulnerabilities they can uncover.
Stay safe online, and follow us for more updates on cybersecurity threats!