A Russian exploit brokerage firm, Operation Zero, has publicly announced bounties of up to $4 million for zero-day vulnerabilities in Telegram, signaling heightened state-sponsored interest in compromising the popular messaging app. The same “EvilVideo” vulnerability was advertised on Russian hacking forums in June 2024 before its patch, underscoring the blurred lines between state and criminal exploit markets. The company, which exclusively serves the Russian government and local entities, is seeking remote code execution (RCE) exploits across the Android, iOS, and Windows versions of Telegram. While Operation Zero claims exclusivity to Russian clients, underground forums show broader exploit trade activity. Zero-day brokers like Operation Zero fuel a $12 billion global surveillance industry, with Telegram’s cross-platform dominance making it a perennial target. Industry analysts speculate the bounty reflects immediate demand from Russian agencies seeking surveillance or cyberwarfare capabilities. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The move follows Ukraine’s 2024 ban on Telegram for government devices, citing infiltration risks from Russian hackers. Industry sources suggest these prices may undercut market rates, as brokers often resell exploits to governments at 2–3x acquisition costs. Operation Zero’s public bounty offers rare insight into Russia’s exploit procurement priorities.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 21 Mar 2025 17:05:17 +0000