I’ll share one exclusive detail. After firmly verifying my findings, I conducted a "field test" targeting Conti members. Out of desperation, they offered $4M for a zero-click Telegram exploit. Full story:
A few months ago, I launched a small but painful information attack in Telegram targeting some Conti members (Target and Professor).
Out of desperation, they even tried to buy a Telegram exploit, offering $4 million for a zero-click vulnerability.
"Russian exploit broker Operation Zero has announced a bounty for zero-day vulnerabilities in Telegram: up to $500,000 for one-click RCE, up to $1.5 million for zero-interaction RCE, and $4 million for a full-chain exploit. The payouts are in line with market rates offered by industry giants. The offer covers all versions of the messenger." (I’ll publish this in my future articles as well.)
A representative of the messenger responded with a condescending statement, reminding everyone that there have been no zero-click attacks on Telegram so far, and the tender indicates that such vulnerabilities have yet to be found in the code. As is well known, Telegram's code is open for review by anyone, and its builds are reproducible. So, the developer's reaction is understandable — translated from corporate-speak to plain human language in the image below.
What’s my point? I’ve solved the puzzle — I figured out who Professor and Target are. Then I asked myself: why am I so confident in the accuracy of my conclusions? So, I ran a final check — I poked the hornet’s nest with a stick. It was fun.
I’ll publish a detailed article about it later.