Russian Zero-Day Broker Offers $20 Million for Exploits to Target NATO Countries

The company, established in 2022 by Sergey Zelenyuk, a former security researcher at Kaspersky Lab, specializes in the sale of zero-day exploits.

Operation Zero, a Russian broker firm, has announced a substantial increase in payouts for vulnerabilities in iPhones and mobile devices. The company's willingness to pay up to $20 million highlights the escalating value and demand for zero-day exploits in the landscape. This decision is not just a reflection of market dynamics but also a calculated effort to attract developer teams. “By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform,” the company articulates, signaling a proactive approach to sourcing .

Focus on Non-NATO Clients

Delving deeper into Operation Zero's business model reveals a clear and explicit focus on serving non-NATO countries. The company, established in 2022 by Sergey Zelenyuk, a former security researcher at Kaspersky Lab, specializes in the sale of zero-day exploits. It has successfully positioned itself as a key player in the Russian market, catering to both governmental bodies and private organizations. Unlike its global competitors, such as Zerodium and Exodus Intelligence, Operation Zero has a concentrated client base, including Russian government agencies and private businesses, underscoring its localized market strategy.

Expansion and Market Dynamics

Operation Zero's strategic initiatives extend beyond 's borders. Earlier in April 2023, the company announced its foray into the United Arab Emirates (UAE), aiming to attract new customers in a region where the surveillance market is experiencing exponential growth. This geographical expansion marks a significant step in diversifying its client portfolio and tapping into emerging markets. In addition to its focus on mobile exploits, the company has diversified its offerings, with payouts of up to $200,000 for remote code execution exploits of SonicWall NGFW and FortiGate NGFW hardware firewalls, and $150,000 for Word. To put this into perspective, Zerodium Exploit Acquisition Program's payouts reach up to $2.5 million for zero-click, zero-day flaws in Android devices and $2 million for analogous vulnerabilities in iOS devices, illustrating the varying market rates for these exploits.