Operation Zero, a company that acquires and sells zero-days exclusively to the Russian government and local Russian companies, announced that it is looking for exploits for the popular messaging app Telegram, and that it is willing to offer up to $4 million for them.
The exploit broker is offering up to $500,000 for a "one-click" remote code execution (RCE) exploit; up to $1.5 million for a zero-click RCE exploit; and up to $4 million for a "full chain" of exploits, presumably referring to a series of bugs that allow hackers to go from access to a target's Telegram to their whole operating system or device.
Zero-day companies such as Operation Zero develop or acquire security vulnerabilities in popular operating systems and applications and then resell them at a higher price. It makes sense for the company to focus on Telegram, given that the messaging app is especially popular with users in Russia and Ukraine.
Given the exploit broker's customers, namely the Russian government, the public price list offers a rare look into the zero-day market, especially in Russia, a cybersecurity market often shrouded in secrecy.
It is not uncommon for brokers to advertise that they are looking for bugs in specific apps or systems when they know there is timely demand. This means that the Russian government could have told Operation Zero that it is looking for Telegram bugs, which prompted the broker to publish what is essentially an advertisement, and to offer higher payouts because it knows that, in turn, it can charge the Russian government more for them.
Contact us
Do you have more information about Operation Zero, or other zero-day providers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Sergey Zelenyuk, CEO of Operation Zero, did not respond to TechCrunch's request for comment.
Zero-days are vulnerabilities that are unknown to the software or hardware makers, which makes them especially valuable in the growing industry of brokers, and to those who want to buy them, because they give hackers a better chance of exploiting the targeted technology without the manufacturer or the target being able to do much about it.
RCE is one of the most valuable types of flaws because it allows hackers to remotely take control of an application or operating system. Zero-click exploits do not require any interaction from the target, as opposed to a phishing attack, for example, which makes these bugs more valuable.
A zero-click RCE zero-day is essentially the most valuable category of exploit.
Targeting Telegram
The new bounty targeting Telegram comes after the Ukrainian government banned the use of Telegram for government and military agencies last year, for fear that they would be particularly vulnerable to Russian government hackers.
Security and privacy experts have repeatedly cautioned that Telegram should not be considered as secure as competitors like WhatsApp and Signal. For one, Telegram does not use end-to-end encryption by default, and even when users enable it, the app does not use well-known and audited encryption, which has led cryptography experts such as Matthew Green to warn that "the vast majority of individual Telegram conversations, perhaps each group chat, are visible on Telegram servers."
A person with knowledge of the exploit market said that Operation Zero's prices for Telegram are "a little low," but that this may be because Operation Zero expects to receive more, perhaps two or three times as much, when it resells the exploits.
The person, who asked not to be identified because they were not authorized to speak to the press, said that Operation Zero could also sell the exploits several times to different customers, and could also pay lower prices depending on some criteria.
"I don't think they will actually pay (the price). There will be some bar that the exploit does not clear and they will only make a partial payment," they said. "This is bad business if you ask me, but with everyone anonymous, there is no real incentive not to f--k the exploit author."
Another person who works in the zero-day industry said that the prices advertised by Operation Zero are not "violent." But they also said that this depends on factors such as exclusivity, and on whether the price takes into account that Operation Zero will redevelop the exploits internally or resell them as a broker.
The price of zero-days in general has risen in the past few years as applications and platforms become harder to hack. As TechCrunch reported in 2023, a zero-day could cost up to $8 million at that time, a price that also takes into account the popularity of the application.
Operation Zero previously made headlines for offering $20 million for hacking tools that would allow hackers to take full control of iOS and Android devices. The company currently offers only $2.5 million for these types of bugs.