Trenchant Boss Sold Advanced Cyber Tools that Could Compromise Millions of Computers Worldwide to Russian Broker, DOJ Says
Published
Key Takeaways
- Guilty Plea: Peter Williams, the former boss of U.S. hacking tool firm Trenchant, pleaded guilty to stealing and selling eight exploits from his employer.
- Russian Connection: U.S. prosecutors allege Williams sold the tools for over $1.3 million to a Russian broker that serves the Russian government.
- National Security Risk: The Department of Justice said the sold exploits could potentially access millions of computers worldwide, directly harming U.S. intelligence interests.
The former head of Trenchant, a U.S. defense contractor subsidiary, stole and sold powerful hacking tools to a Russian broker, according to new details from the Department of Justice. Court documents now reveal that these tools could access millions of computers and devices worldwide, posing a significant threat to U.S. national security.
Australian national Peter Williams, 39, previously pleaded guilty to stealing eight exploits from Trenchant, which is owned by L3Harris. Prosecutors are seeking a 9-year prison sentence for Williams, who is scheduled for sentencing on February 24.
The Scope of the DOJ Russian Broker Case
The DOJ alleges that Williams sold the stolen technology to a company believed to be Operation Zero, a notorious Russian zero-day exploit broker known to sell exclusively to the Russian government and its affiliates, thus arming the broker with “advanced cyber tools that could be re-sold to Russian and other non-NATO countries.”
The DoJ says Williams was a trusted senior corporate manager at two U.S. defense contractors that worked with multiple partners of the U.S. Intelligence Community (“USIC”) and other intelligence organizations in the Five Eyes countries. He sold eight of their cyber tools to the broker.
Williams received more than $1.3 million in cryptocurrency from sales between 2022 and 2025. According to prosecutors, Williams continued to sell the exploits even after becoming aware of an FBI investigation into the theft.
During this period, he also oversaw an internal investigation that wrongly blamed a subordinate for his actions. In a recent letter, the accused expressed regret for his actions.
Cybersecurity and Zero-Day Exploits Concerns
The stolen tools are classified as "zero-days," meaning they target vulnerabilities that software makers have not yet patched. By selling these powerful exploits on the open market, Williams provided a foreign adversary with the means to conduct potential government surveillance, cybercrime, and ransomware attacks.
The defendant “caused serious financial and reputational damage to the defense contractors by whom he was employed, including the loss of over $35 million” to the companies, according to the DoJ.
In other recent news, Ivanti zero-days are exploited in global cyberattacks, the Dutch government has been breached, and possibly the European Commission may have also been impacted
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular