Russian Broker Offers $4 Million For Telegram Zero-Day App Attack
When it comes to hacking attacks with criminal or state-sponsored espionage intent, there are two holy grails for threat actors: messenger apps and zero-day exploits. Put them together, and you have a recipe for disaster on a massive international scale. This is why an offer by a Russian zero-day broker, which only sells exploits to Russian private and government organizations, to pay a staggering $4 million for a zero-day exploit attack against the Telegram app is of so much concern. Here's what you need to know.
Thinking of a zero-day vulnerability in terms of the Holy Grail of cyberattack tools isn't too wide of the mark. A zero-day vulnerability refers to any previously undiscovered bug that could enable an attacker to do something they really shouldn't be able to. The important thing is that this could allow unauthorized, remote, and even no-click access to a system, a user, or data. When a threat actor discovers this and uses it in an ongoing attack before security researchers or the vendor, so there is no opportunity to roll out a fix before the tracks begin, it is known as a zero-day exploit. There are, quite literally, zero days to fix the vulnerability and stop the attacks. OK, so now you understand the urgency of the method, you should also understand the urgency of the concern that a broker is offering such a high price for anyone who can supply it with a full-chain zero-day attack against the Telegram messenger app. Especially when the only people that border will see to are private and government organizations in Russia itself 'for offensive and defensive operations in cyberspace.'
A March 20 posting to the X social media platform was the unlikely place that rewards totaling $6 million were offered to hackers who could find zero-days in the Telegram messenger service.
The Operation Zero brokerage said that it would pay the rewards for remote code execution zero-days targeting Android, iOS and Windows as follows:
Telegram 1-click RCE — Up to $500,000
Telegram 0-click RCE — Up to $1,500,000
Telegram full chain — Up to $4,000,000
I have reached out to both Telegram and Operation Zero for a statement and will update this article if any are forthcoming.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
43 minutes ago
- Yahoo
Pro-Ukrainian partisans destroy car used by Russian drone operators in occupied Melitopol, Atesh claims
A car used by drone operators in the Russian 64th Separate Motorized Rifle Brigade was destroyed by the Atesh partisan group in occupied Melitopol overnight on June 10, the group claimed. The Atesh group says they destroyed a military vehicle which contained a "mobile electronic warfare system," claiming they temporarily "paralyzed" the work of the Russian unit. "The resistance in southern Ukraine is alive and we are increasing the pressure every day," the Atesh group said in a post to Telegram. Meanwhile, Russia conducted a large-scale missile and drone attack on Kyiv and Odesa. One was killed, and seven were injured in both cities. In Odesa, a medical facility and maternity hospital were damaged in the Russian attack. "An incendiary mixture was used, which engulfed the car in a matter of seconds and completely destroyed it," Atesh said. The group claims they destroyed the car while it was left unguarded after studying the location and habits of the Russian crew. "This vehicle was used for covert movement and tactical missions in the south of Ukraine. Now the enemy is left without critical transport," the Atesh group said. The Kyiv Independent could not verify the group's claims. The Atesh partisan group regularly conducts sabotage attacks in Russia and Ukraine's Russian-occupied territories. Read also: Ukraine begins new major prisoner exchange with Russia We've been working hard to bring you independent, locally-sourced news from Ukraine. Consider supporting the Kyiv Independent.
Yahoo
an hour ago
- Yahoo
Florida man accused of dealing drugs, promoting dogfighting kept 9-foot alligator on property: JSO
The Brief The Jacksonville Sheriff's Office said it discovered a 9-foot alligator in the yard of an accused drug dealer. According to JSO, there were multiple neglected dogs on the property as well as evidence of dog fighting. Marquis Williams, 49, was arrested and is facing more than a dozen animal abuse charges, including illegally possessing an alligator and promoting dog fighting, which are felonies. JACKSONVILLE, Fla. - A drug bust in Florida landed a man in jail and led to the rescue of a 9-foot alligator and multiple neglected dogs that may have been used for dog fighting, according to the Jacksonville Sheriff's Office. The backstory In March, JSO said it received a tip about a house on the north side of Jacksonville that was being used to distribute illegal drugs. Investigators said they found cocaine, oxycodone, marijuana and several guns inside the home, which led to the arrest of 49-year-old Marquis Williams. READ:Florida suspects accused of creating counterfeit money hid bills in a Bible: MCSO While serving the search warrant, officers noted there were multiple dogs on the property as well as dog-fighting equipment, trophies, and books. Several dogs were kept in skyboxes while others were chained, according to JSO. Officers said the dogs showed serious signs of neglect, including being covered in feces, fleas, and infections. READ:Governor DeSantis touts Florida job growth as manufacturer announces new facility They added that some of the dogs had open wounds, others had wounds that were in the process of healing. The officers said they found other animals in similar condition, including young raccoons and turtles. Dig deeper Authorities also discovered a 9-foot alligator in a small, fenced-in area. Officers said the gator had no access to water in the cage and bones scattered on the ground suggested it was being fed the other animals on the property. An FWC nuisance alligator wrangler came to the property to safely remove the gator. READ:Lu, beloved Homosassa Springs hippo, dies at 65 In addition to felony drug and gun charges, Williams is facing more than a dozen charges for animal abuse, including illegally possessing an alligator and promoting dog fighting, which are felonies. The Source This story was written with information posted by the Jacksonville Sheriff's Office. STAY CONNECTED WITH FOX 13 TAMPA: Download the FOX Local app for your smart TV Download FOX Local mobile app: Apple | Android Download the FOX 13 News app for breaking news alerts, latest headlines Download the SkyTower Radar app Sign up for FOX 13's daily newsletter Follow FOX 13 on YouTube
Yahoo
an hour ago
- Yahoo
Russia strikes Kyiv and Odesa with aerial attacks, at least two people wounded, officials say
Russia launched a drone attack on Kyiv overnight into Tuesday, with air raid sirens blaring for hours and residents hearing regular explosions, and local officials reporting damage to residential buildings and at least two people wounded. Air raid sirens have been blasting since midnight local time in the capital and air defense systems have been working non-stop in the city center, a CNN producer said. A large number of unmanned aerial vehicles are still reaching the capital, said Kyiv mayor Vitaliy Klitschko in a post on Telegram. At least two people have been wounded so far in the capital, Klitschko added. Preliminary damage was reported in the Desnianskyi, Obolonskyi and Shevchenkivskyi districts, according to Tymur Tkachenko, head of the Kyiv city military administration. In the southern port city of Odesa, Russian attacks struck a maternity ward, according to Andriy Yermak, Chief of Presidential Staff. A residential building was also hit, according to Odesa mayor Hennadiy Trukhanov, adding at least one person was killed based on preliminary reports. The overnight attacks follow Russia's biggest drone strike on Ukraine on Monday, where Russia fired 479 UAVs at Ukraine in an overnight aerial assault, surpassing the highest number of drones Moscow has launched in a single day for the second consecutive weekend. This is a developing story and will be updated.
