The Russian seller offers zero on the day of zero up to 4 million dollars to exploit Telegram
Zero, a company that gets zero days and sells it exclusively to the Russian government and the local Russian companies, announced on Thursday that it is looking for exploits for the famous messages telegram, and it is ready to provide up to 4 million dollars to them.
The exploitation broker offers up to $ 500,000 to exploit the implementation of a “one -click” symbol; Up to $ 1.5 million to exploit RCE with a zero click; And up to 4 million dollars for a “full chain” of exploits, which are supposed to indicate a series of errors that allow infiltrators to move from the Termed Telegram account to the full operating system or their device.
Companies for a zero day, such as the Zero process, develop or obtain security gaps in the operating systems and famous applications and then resell them at a higher price. In order for the company to focus on Telegram, given that the messaging application is especially popular for users in Russia and Ukraine.
Looking at the intermediary clients for exploitation-in the form of the Russian government-the general price offered a rare overview of the Zero Day, especially in Russia and the cybersecurity market often in secrecy.
It is not uncommon to use intermediaries to announce that they are looking for errors in specific applications or systems when they know that there is a time in time. This means that the Russian government could have told the Zero process that it is searching for Telegram insects, which prompted the mediator to spread what is mainly a declaration, and provides higher batches because it is known in turn, the Russian government can earn more for them.
Contact us
Do you have more information about the zero process, or other service providers on the zero day? From a non-action device, you can call Lorenzo Franceschi-bicchierai safely to indicate +1 917 257 1382, or via Telegram and Keybasarezofb, or email. You can also contact Techcrunch via Securedrop.
Sergey Zellinok, CEO of Operation Zero, did not respond to the Techcrunch request for comment.
Zero days are weak weaknesses for software or hardware makers, which makes them of special value in the increasing industry of exploitation brokers-and those who want to buy them-because they give infiltrators a better opportunity to exploit the targeted technology without the manufacturer or the goal of doing a lot about this.
RCE is one of the most valuable types of defects because it allows infiltrators to control a distance in an application or operating system. Zerry clicking exploits do not require any interaction of the target, instead of attacking the hunting, for example, which makes these errors more valuable.
The zero click, RCE Zero-Day is mainly the most valuable exploitation category.
Targeting the telegram
The new reward for TELEGRAM BUGS treatment comes at a time when the Ukrainian government banned the use of Telegram on government and military devices last year, fearing that they will be particularly vulnerable to Russian government infiltrators.
Security and privacy experts have repeatedly warned that the telegram should not be considered as safe like WhatsApp and Signal. For one of them, Telegram does not use encryption from end to end virtual, and even when users enable it, the well-known and marginalized encryption app does not use from end to tip, which leads to encryption experts such as Matthew Green to warn that “the vast majority of individual telegraph conversations-and may limit a single group-probably on the Telegram server.”
A person who has knowledge of the exploitation market said that the Zero process for the telegram is “a little low”, but it may be because the Zero process expects to receive more, perhaps two or three times, when you resell the exploits.
The person, who asked not to disclose his identity because they were not authorized to speak to the press, said that the Zero process can also sell it several times to different customers, and can also pay less prices depending on some criteria.
And they said: “I don’t think they will actually pay (the price). There will be some righteousness in which exploitation is not clear and they will only make partial payment.” “This is the bad work if you ask me, but with everyone anonymous, there is no real incentive for F -K not the author to exploit.”
Another person working in today’s zero industry said that the declared prices by Zero are not “violent.” But they also said that this depends on whether there are factors such as exclusivity, and whether this price takes into account the fact that the Zero process will redefine the internal exploits, or resell it as a mediator.
The price of zero days has generally increased in the past few years, as applications and platforms have become more difficult to penetrate. As mentioned by Techcrunch in 2023, the zero day for WhatsApp may cost up to $ 8 million at the time, a price that also takes into account the popularity of the application.
Operation Zero has previously topped newspapers to provide $ 20 million to hacking tools that would allow infiltrators to fully control iOS and Android devices. The company currently offers only $ 2.5 million to these types of errors.