Zero Action, a company that acquires and sells only to the Russian government and local Russian companies Announced on Thursday It is looking for exploits of the popular messaging app Telegram and is willing to provide them with up to $4 million in vulnerabilities.
Brokers who exploit a “one-click” remote code execution (RCE) vulnerability can provide up to $500,000; zero-click RCE exploits can reach $1.5 million; and can be used for a “full vulnerability” chain, presumably a series of errors that allow hackers to telegram from accessing the target to their entire operating system or device.
Zero-day companies (such as Zero Action) develop or acquire security vulnerabilities in popular operating systems and applications and then resell them at a higher price. It makes sense to make the company focus on telegraphs, considering that messaging applications are particularly popular among users in Russia and Ukraine.
Given that the public price tags of the exploiting broker’s clients (mainly the Russian government) have a rare glimpse of the priorities of the zero-day market, especially Russia, a country and cybersecurity market that is often kept secret.
It is not uncommon to use brokers to advertise that they are looking for errors in a specific application or system when they know the timely demands. This means that the Russian government may have told Action Zero that it is looking for telegram errors, which prompted brokers to post content that is essentially ads and offer higher spending because it knows it can accuse them more of the Russian government.
Contact Us
Do you have more information about zero operations or other zero-day providers? With non-working devices, you can contact Lorenzo Franceschi-bicchierai in a signal of +1 917 257 1382 or via Telegram and Keybase @lorenzofb or e-mail. You can also Security.
Operation Zero CEO Sergey Zelenyuk did not respond to TechCrunch’s request for comment.
Zero Day are unknown vulnerabilities for software or hardware manufacturers, which makes them particularly valuable in the growing broker industry, as well as those who want to buy them – because it gives hackers the opportunity to take advantage of target technology without a manufacturer or target.
RCE is One of the most valuable types of defects Because it allows hackers to remotely control applications or operating systems. Zero click utilization No targeting is required to make these errors more valuable, contrary to phishing attacks.
Zero Days of Zero Click are essentially the most valuable category among them.
Positioning Telegram
New bounty for telegraph loopholes in Ukrainian government emerges Telegram is prohibited Last year, on the equipment of government and military personnel, they were particularly vulnerable to Russian government hackers.
Safety and privacy expert have repeatedly warn The telegram should not be as safe as competitors like WhatsApp and Signal. First, Telegram does not use end-to-end encryption by default, and even if the user enables it, the app does not use well-known and audited end-to-end encryption. Encryption experts such as Matthew Green To warn, “The vast majority of one-to-one telegram conversations and every group chat may be visible on the telegram server.”
One who understands the vulnerability market says that the Zero Operations Telegram price is “a bit low”, but that may be because when Zero Operations resells to exploit, Zero Operations expects to charge more, perhaps twice or triple.
The person asked to remain anonymous because they were not authorized to speak to the press, and he said Zero Action could also be sold several times to different customers and could also pay lower prices based on certain standards.
“I don’t think they actually will be satisfied [price]. They said there will be some loopholes in the bar and they will only pay.
Another person working in the zero-day industry said the price of zero-action publicity was not “crazy”. But they also say it depends on whether there are factors like exclusivity and whether that price takes into account the fact that zero operations will be redeveloped internally or resold as brokers.
Overall zero-day price In the past few years As applications and platforms become increasingly difficult to aggress. As TechCrunch reported in 2023, WhatsApp’s Zero Day The maximum cost was $8 million at that timethis price also takes into account the popularity of the app.
Previous operation zero Headline News Offering $20 million in hacking tools, this will give hackers full control over iOS and Android devices. The company currently only provides $2.5 million for these errors.
