L3Harris Technologies (Trenchant Systems)

Peter Williams, a former general manager at L3Harris Trenchant (a U.S. defense contractor specializing in cyber capabilities for the Five Eyes alliance), pleaded guilty to stealing eight protected cyber-exploit components, classified as national-security-focused software, and selling them to a Russian vulnerability exploit broker (allegedly *Operation Zero*) between 2022 and 2025. The stolen tools, valued at $35 million, were intended exclusively for the U.S. government and select allies but were sold for $1.3 million in cryptocurrency, granting Russian cyber actors a strategic advantage. Williams also signed contracts for ongoing support of these exploits, potentially enabling attacks against U.S. citizens, businesses, and critical infrastructure.

The breach involved highly sensitive offensive/defensive cyber tools, including possible zero-day exploits (e.g., Chrome vulnerabilities), which could be weaponized for espionage, sabotage, or large-scale cyberattacks. The U.S. Department of Justice emphasized the direct threat to national security, as the leaked components could undermine military, intelligence, and allied operations. The incident also triggered internal investigations at Trenchant, including probes into another employee linked to iOS zero-day leaks, raising concerns about systemic insider threats and the proliferation of state-sponsored cyber weapons.

Source: https://www.bleepingcomputer.com/news/security/ex-l3harris-exec-guilty-of-selling-cyber-exploits-to-russian-broker/

TPRM report: https://www.rankiteo.com/company/l3harris-technologies

"id": "l3h4092140103025",
"linkid": "l3harris-technologies",
"type": "Breach",
"date": "6/2022",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"
{'affected_entities': [{'customers_affected': ['U.S. Government',
                                               'Five Eyes Alliance Members'],
                        'industry': ['Defense',
                                     'Cybersecurity',
                                     'Government Contracting'],
                        'location': 'United States',
                        'name': 'L3Harris Technologies (Trenchant Systems)',
                        'type': ['Defense Contractor',
                                 'Cyber Capabilities Business Unit']}],
 'attack_vector': ['Abuse of Privileged Access',
                   'Data Exfiltration (Digital)',
                   'Cryptocurrency Transactions'],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Exploit Code',
                                        'Software Components',
                                        'Technical Documentation (inferred)'],
                 'number_of_records_exposed': '8 (exploit components)',
                 'sensitivity_of_data': 'Top Secret (U.S. '
                                        'government-exclusive)',
                 'type_of_data_compromised': ['Cyber Exploit Components',
                                              'Trade Secrets',
                                              'National-Security Software']},
 'date_publicly_disclosed': '2025-06-20',
 'description': 'Peter Williams, a former general manager at U.S. defense '
                'contractor L3Harris Trenchant, pleaded guilty to stealing and '
                'selling at least eight protected cyber-exploit components '
                '(valued at $35 million) to a Russian vulnerability exploit '
                'broker between 2022 and 2025. The exploits were intended '
                'exclusively for the U.S. government and select allies. '
                'Williams received $1.3 million in cryptocurrency for the '
                'stolen trade secrets, which were sold to a broker linked to '
                "the Russian government (suspected to be 'Operation Zero'). "
                'The incident risks empowering Russian cyber actors against '
                'U.S. targets. Williams faces up to 10 years in prison and '
                'fines of $250,000 or twice the gain/loss from the offense. '
                'Concurrently, Trenchant is investigating a separate potential '
                'leak of Google Chrome zero-day vulnerabilities involving '
                'another employee, Jay Gibson.',
 'impact': {'brand_reputation_impact': ['Reputational damage to L3Harris '
                                        'Trenchant',
                                        'Erosion of trust among U.S. '
                                        'government/allies'],
            'data_compromised': ['Eight protected cyber-exploit components',
                                 'National-security focused software',
                                 'Trade secrets'],
            'financial_loss': '$35,000,000 (value of stolen exploits)',
            'legal_liabilities': ['Criminal charges against Peter Williams '
                                  '(max 10 years imprisonment, $250K fine)',
                                  'Potential civil liabilities for L3Harris'],
            'operational_impact': ['Compromised U.S. offensive/defensive cyber '
                                   'capabilities',
                                   'Potential advantage for Russian cyber '
                                   'operations against U.S. targets']},
 'initial_access_broker': {'data_sold_on_dark_web': ['Sold to Russian broker '
                                                     '(Operation Zero '
                                                     'suspected)',
                                                     'Potential resale to '
                                                     'Russian government '
                                                     'actors'],
                           'entry_point': ['Abuse of privileged access '
                                           '(high-level GM role)',
                                           'Contractual agreements with '
                                           'Russian broker'],
                           'high_value_targets': ['U.S. government-exclusive '
                                                  'cyber exploits',
                                                  'Zero-day vulnerabilities'],
                           'reconnaissance_period': '2022–2025 (3 years)'},
 'investigation_status': ['Ongoing (Peter Williams sentencing pending)',
                          'Active (Jay Gibson/Chrome zero-day leak)'],
 'lessons_learned': ['Critical need for insider threat detection in defense '
                     'contractors',
                     'Risks of high-level access abuse in cybersecurity firms',
                     'Vulnerability of cryptocurrency transactions in illicit '
                     'trade',
                     'Importance of monitoring employee interactions with '
                     'foreign brokers'],
 'motivation': ['Financial Gain (Personal)',
                'State-Sponsored Advantage (Russian Cyber Actors)',
                'Ongoing Support Fees'],
 'post_incident_analysis': {'corrective_actions': ['Overhaul of insider threat '
                                                   'detection systems',
                                                   'Implementation of '
                                                   'real-time monitoring for '
                                                   'sensitive data access',
                                                   'Enhanced background checks '
                                                   'for cleared personnel',
                                                   'Mandatory reporting of '
                                                   'foreign '
                                                   'contacts/transactions',
                                                   'Review of cryptocurrency '
                                                   'transaction policies for '
                                                   'employees'],
                            'root_causes': ['Insufficient insider threat '
                                            'monitoring',
                                            'Lack of oversight for high-value '
                                            'asset access',
                                            'Inadequate detection of '
                                            'unauthorized data exfiltration',
                                            'Failure to flag suspicious '
                                            'cryptocurrency transactions',
                                            'Possible gaps in '
                                            'counterintelligence vetting']},
 'recommendations': ['Enhance insider threat programs with behavioral '
                     'analytics',
                     'Implement stricter access controls for sensitive cyber '
                     'tools',
                     'Monitor cryptocurrency transactions linked to employees',
                     'Conduct regular audits of high-value asset access',
                     'Strengthen vetting for employees with access to '
                     'classified materials',
                     'Expand counterintelligence training for cleared '
                     'personnel'],
 'references': [{'date_accessed': '2025-06-20',
                 'source': 'U.S. Department of Justice'},
                {'date_accessed': '2025-06-20',
                 'source': 'BleepingComputer',
                 'url': 'https://www.bleepingcomputer.com/news/security/former-l3harris-manager-pleads-guilty-to-selling-cyber-exploits-to-russian-broker/'},
                {'date_accessed': '2025-06-15',
                 'source': 'TechCrunch',
                 'url': 'https://techcrunch.com/2025/06/15/l3harris-investigating-leak-of-chrome-zero-days/'}],
 'regulatory_compliance': {'fines_imposed': ['Up to $250,000 or twice the '
                                             'gain/loss (pending sentencing)'],
                           'legal_actions': ['Criminal prosecution of Peter '
                                             'Williams (guilty plea)',
                                             'Ongoing investigation into Jay '
                                             'Gibson (Chrome zero-days)'],
                           'regulations_violated': ['Economic Espionage Act '
                                                    '(18 U.S.C. § 1831)',
                                                    'Theft of Trade Secrets '
                                                    '(18 U.S.C. § 1832)',
                                                    'Potential ITAR/EAR '
                                                    'violations (export '
                                                    'controls)'],
                           'regulatory_notifications': ['U.S. Department of '
                                                        'Justice',
                                                        'FBI '
                                                        'Counterintelligence '
                                                        'Division']},
 'response': {'communication_strategy': ['DOJ public announcement',
                                         'Media statements (e.g., '
                                         'BleepingComputer, TechCrunch)'],
              'containment_measures': ['Legal action against Peter Williams '
                                       '(guilty plea)',
                                       'Internal investigation into related '
                                       'Chrome zero-day leaks'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True},
 'stakeholder_advisories': ['U.S. Government (Five Eyes allies notified)',
                            'Defense/Intelligence Community briefings '
                            '(inferred)'],
 'threat_actor': {'broker': {'clients': ['Russian Government',
                                         'Other Undisclosed Actors'],
                             'name': ['Operation Zero (suspected)'],
                             'specialization': ['Zero-Day Exploits',
                                                'Zero-Click RCEs',
                                                'Mobile/OS Exploits'],
                             'type': 'Russian Vulnerability Exploit Broker'},
                  'individual': {'affiliation': None,
                                 'motivation': ['Financial Gain',
                                                'Collaboration with Foreign '
                                                'Adversary'],
                                 'name': 'Peter Williams',
                                 'nationality': 'Australian',
                                 'role': 'Former General Manager at L3Harris '
                                         'Trenchant'}},
 'title': 'Former L3Harris Trenchant GM Pleads Guilty to Selling Cyber '
          'Exploits to Russian Broker',
 'type': ['Insider Threat',
          'Espionage',
          'Theft of Trade Secrets',
          'Cyber Exploit Trafficking']}