Zero mode, a company that acquires and sells zero days exclusively to the Russian government and local Russian companies, announced on Thursday That it is looking for a popular message telegram and is willing to offer up to $ 4 million for them.
Broker Exploit offers up to $ 500,000 for remote -execution code “with one click” (RCE). Up to $ 1.5 million for RCE exploitation with zero clicks. and up to $ 4 million for a “full chain” farms, possibly referring to a series of errors that allow hackers to proceed from accessing the target telegram account throughout their operating system or device.
Zero day companies, such as Zero, are developing or gaining safety vulnerabilities in popular operating systems and applications and then redefine them for a higher price. To concentrate the company on the telegram, given that the application of messages is particularly popular with users both in Russia and Ukraine.
Given the exploit’s Broker customers-mainly the Russian government-the public honor offers a rare look at the priorities of the zero day market, especially that of Russia, a country and the cyber security market that is often surrounded by secrecy.
It is not uncommon to exploit brokers to advertise that they are looking for errors in specific applications or systems when they know that there is timely demand. This means that it is likely that the Russian government has told Zero business that it is looking for telegraph errors, which prompted the broker to publish what is essentially advertising and offering higher payments because it knows it can charge the Russian government more to them.
Contact us
Do you have more information on Zero mode or other zero day providers? From a non-work device, you can contact Lorenzo Franceschi-bicchierai safely on the signal on +1 917 257 1382, or via the telegraph and keybase @lorenzofb or email. You can also contact TechCrunch via securedrop.
Operation CEO Zero Sergey Zelenyuk did not respond to TechCrunch’s request for comments.
Zero days are vulnerabilities that are unknown to software or hardware manufacturers, which makes them particularly valuable in the developing exploitation industry brokers-and those who want to buy them-because hackers are more likely to exploit the target technology without the target technology.
An RCE is one of the most valuable types of defects because it allows hackers to take away distance control of an application or operating system. Zero -click holdings require no interaction from the target, as opposed to an electronic “fishing” attack, for example, making these errors more valuable.
A zero click, the RCE Zero-Day is essentially the most valuable exploitation category.
Targeting telegram
The new generosity for TELEGRAM Bugs comes as a Ukrainian government prohibited the use of a telegram Regarding the devices of government and military personnel last year, for fear that they could be particularly vulnerable to the Russian government hackers.
Safety and privacy specific have repeatedly He warned that the telegram should not be considered safe as competitors such as WhatsApp and Signal. For one, Telegram does not use end -to -end end -to -end encryption and even when users allow it, the application does not use a known and controlled encryption from end to end, which drives Encryption experts like Matthew Green To warn it, “the overwhelming majority of one-on-one telegraph talks-and literally any group conversation-is probably visible to the telegraph servers.”
A person who is aware of the exploitation market said Zero’s prices for the telegram “are a little low”, but this could be due to the fact that Operation Zero expects to charge more, perhaps two or three times more, when reselling the holdings.
The man, who asked to remain anonymous because he was not authorized to speak to the press, this business Zero could also sell them several times to different customers and could also pay lower prices according to certain criteria.
“I don’t think they will really pay full [price]. There will be a bar, the exploitation does not clean and will only make a partial payment, “they said.
Another person working in the zero -day industry said that prices advertised by Zero mode are not “wild away”. But they also stated that it depends on whether there are factors such as exclusivity and whether this value takes into account the fact that the Zero feature will redefine the exploitation internally or repeat them as a broker.
Zero -day prices have generally increased in recent years, as applications and platforms become more difficult to hack. As TechCrunch said in 2023, a zero day for WhatsApp could cost up to $ 8 million at that time, a price that also takes into account how popular the application is.
The Zero feature has previously made headlines to offer $ 20 million for hacking tools that would allow hackers to take full control of iOS and Android devices. The company currently offers only $ 2.5 million for these errors.
