# Ex-Defense Exec Sold US Hacking Tools to Russian Broker for Millions
A 39-year-old Australian national and former defense contractor executive has been sentenced to over seven years in federal prison for stealing and selling classified zero-day exploits to a Russian broker, compromising critical U.S. national security tools in what authorities describe as a brazen act of espionage[1][2]. Peter Williams, who served as the general manager of Trenchant—a specialized cybersecurity unit within L3Harris—stole at least eight protected exploit components intended exclusively for the U.S. government and its Five Eyes intelligence partners, then sold them to a Russian firm operating as Operation Zero for up to $4 million in cryptocurrency[1][2].
The case represents one of the most significant breaches of U.S. cyber defense capabilities in recent years, with prosecutors estimating the stolen tools caused $35 million in losses and could have enabled adversaries to access millions of devices worldwide[1][2]. Simultaneously, the U.S. Treasury Department sanctioned Operation Zero and its owner, Sergey Sergeyevich Zelenyuk, for their role in acquiring and distributing the stolen cyber tools[3].
The Theft and Sale of Classified Cyber Tools
Between 2022 and 2025, Williams exploited his senior position at Trenchant to systematically steal eight proprietary cybersecurity tools built specifically for U.S. government use[1][2]. Using a portable external hard drive, he transferred the exploits out of secure networks at Trenchant's offices in both Sydney and Washington, D.C., before transmitting them to the Russian broker via encrypted channels[2].
In June 2025, just days before meeting with the FBI to discuss their investigation into the theft, Williams signed an agreement with the Russian buyer to sell stolen code for $500,000 and immediately transmitted the materials[1]. Court documents reveal that Williams received approximately $1.3 million in cryptocurrency for the complete sale of all eight exploits between 2022 and July 2025[5]. The stolen tools were surveillance and hacking instruments designed to protect U.S. national security, making their sale to a foreign adversary an act of unprecedented betrayal[10].
National Security Impact and Potential Consequences
U.S. Attorney Jeanine Pirro emphasized the gravity of Williams' crimes, stating that "these incredibly powerful tools would have allowed Russia to access millions of digital devices" and characterizing the offense as not merely theft but a crime of national security[1]. The stolen exploits could enable fraud, ransomware, espionage, and offensive cyber operations targeting civilian and military victims worldwide[1].
According to court documents, the tools were intended only for the U.S. government and select allies, and their compromise represents a catastrophic loss of competitive intelligence advantage[1]. The potential exposure of millions of devices to Russian state-sponsored cyber attacks underscores the critical nature of these tools and the severity of Williams' betrayal[2].
Operation Zero and Russian Exploit Broker Network
Operation Zero, headquartered in St. Petersburg, Russia, and led by Sergey Sergeyevich Zelenyuk, has been active as an exploit broker since 2021[7]. The firm advertises itself as a reseller of hacking tools exclusively to non-NATO customers and has publicly offered millions of dollars in bounties to cybersecurity researchers for exploits targeting U.S.-built operating systems and encrypted messaging applications like Telegram[6][7].
The Treasury Department's sanctions announcement revealed that Operation Zero resold the stolen tools "to at least one unauthorized user," though the specific recipient was not disclosed[3][4]. The firm also operates through affiliated entities, including a UAE company called Special Technology Services and another exploit broker called Advance Security Solutions operating in the UAE and Uzbekistan[4]. Treasury officials indicated that Operation Zero has sought to sell exploits to foreign intelligence agencies and develop additional cyber intelligence systems, including spyware and methods to extract personal data from artificial intelligence applications[1].
Sentencing and Legal Consequences
Williams was sentenced on Tuesday to seven years and three months in federal prison, falling short of the nine-year sentence prosecutors had requested[4]. The court also imposed a $250,000 fine and ordered mandatory restitution of $35 million for losses incurred by the theft and sale of the tools[4]. A hearing to determine Williams' full restitution obligations is scheduled for later in 2026[4].
The sentencing reflects the severity with which federal authorities treat the theft and sale of national security technology. Treasury Secretary Scott Bessent stated: "If you steal U.S. trade secrets, we will hold you accountable. Treasury will continue to work alongside the rest of the Trump administration to protect sensitive American intellectual property and safeguard our national security."[3]
Frequently Asked Questions
Who is Peter Williams and what was his role?
Peter Williams is a 39-year-old Australian national who served as the general manager of Trenchant, a specialized cybersecurity unit within L3Harris Technologies[1][2]. Trenchant develops surveillance tools and zero-day exploits exclusively for the U.S. government and its Five Eyes intelligence partners[2]. Williams previously worked for an Australian spy agency and the country's military before joining the defense contractor[6].
What are zero-day exploits and why are they valuable?
Zero-day exploits are **software vulnerabilities unknown to the vendor or public** that attackers can use to compromise systems before a patch is available[2]. They are extremely valuable because they provide ready-made hacking tools that can quickly access government networks, defense contractors, and critical infrastructure without detection[3]. The stolen exploits in this case could have enabled access to millions of computers and devices worldwide[6].
How much money did Williams receive for selling the hacking tools?
Williams received approximately **$1.3 million in cryptocurrency** for selling all eight zero-day exploits between 2022 and July 2025[5]. Court documents indicate he signed an agreement in June 2025 to sell stolen code for $500,000, with the total value of the tools reaching up to $4 million based on prosecution estimates[1].
What is Operation Zero and who owns it?
Operation Zero is a **Russian exploit broker headquartered in St. Petersburg** owned and operated by Sergey Sergeyevich Zelenyuk[7]. The firm, which also operates under the name Matrix LLC, has been active since 2021 and publicly advertises itself as a reseller of hacking tools exclusively to non-NATO customers[7]. It offers bounties for exploits targeting U.S. operating systems and encrypted messaging applications[6].
What sanctions did the U.S. Treasury impose?
The U.S. Treasury Department sanctioned **Operation Zero, its owner Sergey Sergeyevich Zelenyuk, five associated individuals, and related entities** for acquiring and distributing the stolen cyber tools[3][4]. The sanctions also targeted affiliated companies including a UAE-based firm called Special Technology Services and an exploit broker called Advance Security Solutions operating in the UAE and Uzbekistan[4].
What was the estimated damage from the theft?
The theft caused an estimated **$35 million in losses** to L3Harris, according to court documents and Williams' own admissions to the FBI[1][4]. Additionally, prosecutors alleged that the hacking tools could have enabled the end customer to potentially access millions of computers and devices around the world, representing an immeasurable threat to U.S. national security[6].
🔄 Updated: 2/25/2026, 8:00:10 PM
**BREAKING: Ex-Defense Exec Peter Williams Sentenced to 7 Years, 3 Months for Selling $1.3M in Stolen US Zero-Days to Russia's Operation Zero.** On Tuesday, the U.S. Treasury sanctioned Russian broker Sergey Sergeyevich Zelenyuk, his St. Petersburg-based firm Operation Zero (aka Matrix LLC), and five affiliates—including UAE's Special Technology Services—for acquiring and reselling eight proprietary cyber exploits stolen from L3Harris subsidiary Trenchant between 2022-2025, causing $35M in losses.[1][2][3][5][8] Treasury Secretary Scott Bessent stated, “If you steal U.S. trade secrets, we will hold you accountabl
🔄 Updated: 2/25/2026, 8:10:14 PM
**NEWS UPDATE: Ex-L3Harris Exec's Zero-Day Sale Enables Russian Cyber Threats**
Peter Williams, former Trenchant executive at L3Harris, was sentenced to 7 years and 3 months in prison for stealing eight proprietary **zero-day exploits**—specialized code targeting vulnerabilities in U.S.-built software—from 2022 to 2025 and selling them to Russia's **Operation Zero** for **$1.3 million** in cryptocurrency, tools exclusively meant for U.S. government and allies.[1][4][5][8] These exploits, capable of compromising millions of civilian and military devices worldwide for ransomware, espionage, and data theft, were resold by Operation Zero leader Sergey Zelenyu
🔄 Updated: 2/25/2026, 8:20:19 PM
**BREAKING: Ex-L3Harris Exec Peter Williams Sentenced to 7 Years, 3 Months for Selling 8 Zero-Day Exploits to Russia's Operation Zero.**
Williams, a former Trenchant executive (L3Harris subsidiary), stole the U.S. government-exclusive tools from 2022-2025, selling them for **$1.3 million** in cryptocurrency—despite knowing one was resold to a South Korean broker—and causing **$35 million** in company losses[1][4][5][6]. In parallel, the U.S. Treasury today sanctioned Operation Zero (Matrix LLC), its leader **Sergey Sergeyevich Zelenyuk**, and five affiliates for acquiring and re
🔄 Updated: 2/25/2026, 8:30:19 PM
**Breaking: Ex-L3Harris Exec Peter Williams Sentenced to 7+ Years for Selling Stolen US Zero-Days to Russian Broker Operation Zero.** On Tuesday, the 39-year-old Australian was jailed for 87 months after pleading guilty to stealing eight proprietary cyber exploits from Trenchant—intended solely for the US government and allies—between 2022 and 2025, netting him up to $4 million in cryptocurrency while causing $35 million in losses.[1][2][3] Simultaneously, the Treasury sanctioned Operation Zero's leader Sergey Zelenyuk and affiliates for buying and reselling the tools to unauthorized users, with Secretary Scott Bessent vowing, “If you steal U.S
🔄 Updated: 2/25/2026, 8:40:39 PM
**NEWS UPDATE: Public Outrage Mounts Over Ex-L3Harris Exec's Sale of US Hacking Tools to Russia**
Consumers and the public expressed widespread fury on social media after Peter Williams, former Trenchant executive, was sentenced to over 7 years in prison for selling eight zero-day exploits—intended solely for US government use—to Russian broker Operation Zero for **$1.3 million** in cryptocurrency between 2022-2025, with one deal alone netting **$500,000** just before his FBI meeting.[1][2][3][6][7] Outrage intensified over the **$35 million** losses to L3Harris and risks to "millions of devices worldwide," amplified by
🔄 Updated: 2/25/2026, 8:50:28 PM
**LIVE NEWS UPDATE: Ex-L3Harris Exec's Zero-Day Sale to Russia – Tech Breakdown**
Peter Williams, former Trenchant executive at L3Harris, stole **eight zero-day exploits**—specialized code targeting undisclosed software vulnerabilities in US-built systems like operating systems and encrypted apps—from 2022-2025, selling them to Russian broker **Operation Zero** for **$1.3 million in cryptocurrency**, with one June 2025 deal alone netting **$500,000** despite FBI awareness.[1][2][5] These proprietary tools, exclusive to the US government and allies, enable espionage, ransomware, fraud, and device control, potentially exposing **millions of civilian and military devices worldwid
🔄 Updated: 2/25/2026, 9:00:36 PM
**NEWS UPDATE: Technical Breakdown of Stolen US Zero-Days Sold to Russia**
Peter Williams, ex-general manager of L3Harris subsidiary Trenchant, stole eight proprietary zero-day exploits—specialized code targeting vulnerabilities in US-built software for unauthorized access, data theft, and device control—intended exclusively for the US government and Five Eyes allies, exfiltrating them via portable hard drives from Sydney and Washington offices between 2022-2025 before selling to Russian broker Operation Zero for $1.3-$4 million in cryptocurrency.[1][2][6][7] Operation Zero resold at least one tool to unauthorized users, including via UAE-linked entities, enabling potential compromise of millions of global devices for espionage, ranso
🔄 Updated: 2/25/2026, 9:10:38 PM
**NEWS UPDATE: US Sanctions Reshape Zero-Day Exploit Brokerage Landscape**
US Treasury sanctions on Russian broker Operation Zero—hit for buying eight stolen L3Harris zero-day exploits for $1.3 million in crypto from ex-exec Peter Williams—slash a key non-NATO reseller that targeted US software with million-dollar bounties and flipped tools to unauthorized buyers like a UAE firm.[1][5][6] Williams' seven-year prison sentence and $35 million restitution order further deter insiders, tilting the competitive edge toward state-exclusive providers amid rising barriers for adversarial brokers.[2][4] "If you steal U.S. trade secrets, we will hold you accountable," Treasury Secretary Scott Bessent stated, signaling intensifie
🔄 Updated: 2/25/2026, 9:20:33 PM
**NEWS UPDATE: Expert Analysis on Ex-Defense Exec's Sale of US Hacking Tools to Russian Broker**
U.S. Attorney Jeanine Pirro condemned Peter Williams' actions, stating, "Williams took trade secrets comprised of national security software and sold them for up to $4 million in cryptocurrency. These incredibly powerful tools would have allowed Russia to access millions of digital devices," emphasizing the betrayal as "not only one of theft, it is a crime of national security."[2][3] Assistant Attorney General John A. Eisenberg added, “The tools he compromised were intended to protect this Nation; instead, he auctioned them off to a Russian bidder,” highlighting risks to U.S. intelligence from the eight zero-day exploits sold to Operation Zero betwee
🔄 Updated: 2/25/2026, 9:30:34 PM
**LIVE UPDATE: US Treasury Slaps Sanctions on Russian Exploit Broker in Response to Cyber Tools Sale**
The Trump administration's Treasury Department sanctioned Russian national **Sergey Sergeyevich Zelenyuk**, his St. Petersburg-based firm **Operation Zero** (aka Matrix LLC), plus four individuals and two UAE entities—including Special Technology Services—for acquiring and reselling eight stolen US cyber exploits bought from ex-L3Harris exec Peter Williams for **$1.3 million** in cryptocurrency between 2022-2025.[1][4][5][8] Treasury Secretary **Scott Bessent** stated, *"If you steal U.S. trade secrets, we will hold you accountable,"* vowing continued action to protect nationa
🔄 Updated: 2/25/2026, 9:40:37 PM
The **U.S. Treasury Department sanctioned Russian exploit broker Operation Zero and its founder Sergey Sergeyevich Zelenyuk on Tuesday** for purchasing and reselling stolen cyber tools from former L3Harris executive Peter Williams[2][3]. Treasury Secretary Scott Bessent stated, "If you steal U.S. trade secrets, we will hold you accountable," as the department moved to disrupt the supply chain feeding Russian state and criminal operators[2]. The sanctions also targeted affiliated entities including a UAE-based company called Special Technology Services and exploit broker Advance Security Solutions operating in the UAE and Uzbekistan, which Treasury said received the resold stolen tools[3].