Pierluigi Paganini September 27, 2023

A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices.

The Russian zero-day broker firm Operation Zero is increasing payouts for top-tier mobile exploits. The company is willing to pay up to $20,000,000 for zero-day exploits for iPhone and Android devices.

The Russian company pointed out that the end user for its exploits is a non-NATO country, it also added that decided to increase the payout due to high demand on the market.

“By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform.” states the company.

Operation Zero was founded in 2022 by Sergey Zelenyuk, a former Kaspersky Lab security researcher. The company specializes in the sale of zero-day exploits to both governmental bodies and private organizations.

Unlike other zero-day brokers, such as Zerodium and Exodus Intelligence, Operation Zero focuses on the Russian market. Operation Zero’s clients include Russian government agencies and private businesses.

In April 2023, Operation Zero announced its expansion into the United Arab Emirates (UAE), seeking to attract new customers in the Middle East, where the surveillance market has exploded.

The Russian firm is also offering:

• SonicWall NGFW RCE — Up to $200,000
• FortiGate NGFW RCE — Up to $200,000
• MS Word RCE — Up to $150,000

0-day exploits for mobile phones are often used by surveillance firms and intelligence agencies.

Zerodium Exploit Acquisition Program is offering up to $2,5 million for zero-click, zero-day flaws in Android devices and up to $2 million for similar zero-day issues affecting iOS devices.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Android)