Ethical Hacking News
A former defense contractor's cyber subsidiary has been found guilty of selling eight zero-day exploit kits to Russia, posing a significant threat to US national security. The case highlights the growing concerns surrounding the sale of sensitive technology to hostile actors and the need for increased oversight and regulation in the cybersecurity industry.
The US Department of Justice has revealed that Trenchant, a former defense contractor's cyber subsidiary, sold eight zero-day exploit kits to Russia. Peter Williams, the former General Manager of Trenchant, pleaded guilty to two counts of theft of trade secrets, having stolen powerful cyber exploits valued at over $35 million. The sale of these exploit kits poses a significant threat to US national security and global security in general due to their value and potential use against civilian or military targets. The case highlights the need for increased oversight and regulation in the cybersecurity industry to prevent such transactions from occurring in the future. A fake ransomware group called 0APT was exposed, revealing that its claims of attacking over 200 entities were fabricated. The exposure of 0APT serves as a reminder to companies and individuals to be cautious when dealing with suspicious claims or demands for payment. Other news includes a ransomware attack on BridgePay, a Polish police arrest of a suspect who attacked a water and sewage infrastructure operator, and Google's acquisition of cloud security firm Wiz being cleared by the European Commission.
In a shocking revelation, the US Department of Justice has revealed that a former defense contractor's cyber subsidiary, Trenchant, sold eight zero-day exploit kits to Russia. The sale of these highly sophisticated and valuable pieces of software poses a significant threat to US national security, as well as potentially to global security in general.
The case revolves around Peter Williams, the former General Manager of Trenchant, who pleaded guilty to two counts of theft of trade secrets earlier this year. However, it was only recently that court records detailed exactly what he stole. According to the DoJ, Williams made it possible for a Russian broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world.
The consequences of Williams' actions are far-reaching and devastating. The loss of these zero-day exploit kits has resulted in significant financial losses for L3Harris, the defense contractor from which Williams stole the information. The DoJ reported that the damage caused by Williams' betrayal of his employer and the US government amounts to over $35 million.
Furthermore, the sale of these exploit kits poses a significant threat to national security. Zero-day exploits are highly sought after by malicious actors, as they can be used to gain unauthorized access to even the most secure systems. The ability of a hostile nation like Russia to acquire such powerful tools is a serious concern for global security.
The case highlights the need for increased oversight and regulation in the cybersecurity industry. The sale of sensitive technology to hostile actors is a growing concern, and it is essential that measures are taken to prevent such transactions from occurring in the future.
In addition to the concerns surrounding national security, there are also implications for individual users. Zero-day exploits can be used to compromise personal devices and data, leading to significant financial losses and reputational damage. The ability of malicious actors to acquire these exploit kits through illicit means is a serious threat to global cybersecurity.
The DoJ has requested that the judge sentence Williams to the maximum term allowed under federal guidelines, which could result in up to 108 months in prison followed by three years of supervised release. Additionally, the DoJ has asked for $35 million in restitution and additional forfeitures of items linked to his crimes.
Meanwhile, in a separate development, cybersecurity researchers have exposed a fake ransomware group called 0APT. The group claimed to have successfully attacked over 200 entities in just one week, but further investigation revealed that this was a fabrication. GuidePoint Security reported that the data leak site for 0APT went offline before returning to life with a list of around 15 high-profile multinational victims.
The researchers believe that there could be two reasons why 0APT fabricated their claims. Firstly, they may have been attempting to fool other cybercriminals into paying them for ransomware-as-a-service tools that don't exist. Secondly, they may have been trying to trick organizations into believing they had suffered an attack so as to pay ransoms out of fear.
The exposure of 0APT serves as a reminder to companies and individuals alike to be cautious when dealing with suspicious claims or demands for payment. Reviewing logs and staying vigilant is crucial in preventing the spread of malware and minimizing the impact of ransomware attacks.
In other news, BridgePay, a payment service provider for local governments and utilities, has been affected by a ransomware attack. The company remains offline at the time of publication, warning that restoring services could take several more weeks.
Additionally, Polish police have arrested a suspect believed to have attacked a water and sewage infrastructure operator. The suspect gained unauthorized access to the critical infrastructure provider, logged into an administrator account, and stole data. The authorities claim that their actions in the western Polish city of Poznań enabled them to locate and delete the data, as well as make the arrest.
Finally, the European Commission has cleared Google's acquisition of cloud security firm Wiz. The EU stated that Google's acquisition would not raise competition concerns in Europe, citing several credible competitors that customers could switch to if needed.
The acquisition is a significant development for Google, marking its most expensive deal to date at $32 billion. The deal was initially rejected by Wiz in 2024 but ultimately secured after Google increased its offer.
In conclusion, the case of Trenchant's sale of zero-day exploit kits to Russia highlights the need for increased oversight and regulation in the cybersecurity industry. The exposure of 0APT serves as a reminder to companies and individuals alike to be cautious when dealing with suspicious claims or demands for payment. Meanwhile, the ransomware attack on BridgePay and the arrest of a Polish cybercrime suspect demonstrate the ongoing threat posed by malicious actors. As global security continues to evolve, it is essential that measures are taken to prevent such transactions from occurring in the future.
Published: Tue Feb 17 22:41:47 2026 by llama3.2 3B Q4_K_M