Pierluigi Paganini March 22, 2025

Russian zero-day broker Operation Zero is looking for exploits for the popular messaging app Telegram, offering up to $4 million for them.

Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits, the news was first reported by Tech Crunch. The Russian firm seeks up to $500K for one-click RCE, $1.5M for zero-click RCE, and $4M for a full-chain exploit that could allow full device compromise. The company exclusively sells exploits to the Russian government and local firms.

A zero-day broker like Operation Zero might be willing to pay millions for Telegram exploits for several reasons, including:

1. Government and Intelligence Demand – Telegram is widely used for secure communication, including by journalists, activists, dissidents, and political figures. Russian intelligence agencies could use these exploits for surveillance and espionage purposes.
2. Strategic Cyber Warfare – In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants.
3. Law Enforcement and Cybercrime Control – Russian authorities may want to monitor criminal organizations, opposition groups, or foreign entities using Telegram. Gaining access without cooperation from Telegram itself could be highly valuable.

Given Telegram’s end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage.

In September 2024, Ukraine’s National Coordination Centre for Cybersecurity (NCCC) banned the Telegram messaging app on government agencies, military, and critical infrastructure, due to national security concerns. The ban does not affect Ukrainian citizens.

On September 19, Ukraine announced the ban on Telegram during a meeting focused on threats to national security posed by the use of the popular instant messaging app, especially during the ongoing conflict between Russia and Ukraine.

Kyrylo Budanov, the chief of Ukraine’s Defence Intelligence, warned that Russian intelligence could spy on Ukrainian entities potentially accessing Telegram users’ data, including deleted messages.

“The Chief of the Defence Intelligence of Ukraine Kyrylo Budanov provided substantiated evidence that russian special services have access to personal correspondence of Telegram users, even deleted messages, as well as their personal data.” reads the announcement published by the National Security and Defense Council of Ukraine.

“I have always stood for freedom of speech, but the issue of Telegram is not a matter of freedom of speech, it is a matter of national security,” said Budanov.

Representatives of the Security Service of Ukraine and the General Staff of the Armed Forces of Ukraine warned that Russia-linked threat actors are actively using Telegram for cyberattacks, spreading phishing and malware, geolocating users, adjusting missile strikes, etc.

“In order to minimise these threats, it was decided to ban the installation and use of Telegram on the official devices of government officials, military personnel, employees of the security and defence sector, as well as enterprises operating critical infrastructure.” continues the announcement. “The only exceptions will be those for whom the use of this messenger is part of their official duties.”

Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts.

Zero-day prices have risen as the level of security of messaging apps and mobile devices becomes harder to hack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)