Russian Exploit Broker Offers Up to $4 Million for Telegram Zero-Day Vulnerabilities

Russian Exploit Broker Offers Up to $4 Million for Telegram Zero-Day Vulnerabilities

Operation Zero, a company that acquires and sells zero-days exclusively to the Russian government and local Russian companies, announced on Thursday that it’s looking for exploits for the popular messaging app Telegram, and is willing to offer up to $4 million for them. Image:Google The exploit broker is offering up to $500,000 for a “one-click” remote code execution (RCE) exploit; up to $1.5 million for a zero-click RCE exploit; and up to $4 million for a “full chain” of exploits, presumably referring to a series of bugs that allow hackers to go from accessing a target’s Telegram account to their whole operating system or device.  Zero-day companies like Operation Zero develop or acquire security vulnerabilities in popular operating systems and apps and then re-sell them for a higher price. For the company to focus on Telegram makes sense, considering the messaging app is especially popular with users in both Russia and Ukraine.  Given the exploit broker’s customers — chiefly the Russian…