{"id":60180,"date":"2026-02-15T23:22:14","date_gmt":"2026-02-15T23:22:14","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/"},"modified":"2026-02-15T23:22:14","modified_gmt":"2026-02-15T23:22:14","slug":"infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/","title":{"rendered":"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ"},"content":{"rendered":"<p><span class=\"label\">Infosec in Brief<\/span> The former General Manager of defense contractor L3Harris\u2019s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week.<\/p>\n<p>We first wrote about <a href=\"https:\/\/www.theregister.com\/2025\/10\/24\/former_l3harris_cyber_director_charged\/\">this case<\/a> in October 2025, when former Trenchant boss Peter Williams pleaded guilty to two counts of theft of trade secrets \u2013 but court records didn\u2019t detail exactly what he stole.<\/p>\n<p>That changed last week when the US Department of Justice published a sentencing <a href=\"https:\/\/regmedia.co.uk\/2026\/02\/13\/williams-sentencing-memo.pdf\" rel=\"nofollow\">memorandum<\/a> [PDF] that frames Williams\u2019 conduct as a betrayal of his employer and the US government, and the cause of significant harm to US national security.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Williams &#8220;made it possible for the Russian Broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world,&#8221; the DoJ said. The broker Williams worked with regularly provided exploits to the Russian government, the DoJ alleged.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Along with the damage he caused to US national security, the DoJ said that Williams&#8217; actions also led to the loss of more than $35 million for L3Harris and Trenchant, contributing to the government&#8217;s call to sentence him to the maximum term allowed under federal guidelines.<\/p>\n<p>The sentencing memo notes that Williams could be incarcerated for up to 108 months (9 years), followed by three years of supervised release. An Australian citizen, Williams has agreed to be deported to his home country after his prison term.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>In addition to his time behind bars, the DoJ has also asked the judge to force Williams to pay $35 million in restitution and additional forfeitures of items linked to his crimes.<\/p>\n<h3 class=\"crosshead\">Ransomware gang turns out to be a couple of kids in a trench coat<\/h3>\n<p>A recently emerged ransomware group calling itself 0APT is just a bunch of liars who haven&#8217;t hacked anyone, cybersecurity researchers have <a href=\"https:\/\/www.guidepointsecurity.com\/blog\/gritrep-0apt-and-the-victims-who-werent\/\" rel=\"nofollow\">determined<\/a>.<\/p>\n<p>According to GuidePoint Security, 0APT&#8217;s claim of having successfully attacked over 200 entities in the course of a single week in late January was a total fabrication, with most claimed victims having ridiculous names like &#8220;Metropolis City Municipal.&#8221; As reports emerged that people thought the group was lying, its data leak site went offline before returning to life a day later with a list of around 15 high-profile multinational victims listed.<\/p>\n<p>GuidePoint says companies on the shortlist also appear to have escaped infection by 0APT \u2013 the alleged victims found no evidence of intrusion after the group published their names.<\/p>\n<p>GuidePoint believes there could be two reasons for the scam: Either to fool other cybercriminals into paying it for ransomware-as-a-service tools that don&#8217;t exist, or to trick organizations into believing they have suffered an attack so they pay ransoms out of fear.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>In other words, if 0APT claims to have hit your organization, it probably hasn&#8217;t \u2013 but review your logs just in case.<\/p>\n<h3 class=\"crosshead\">Payment deadlines extended after actual ransomware attack hits BridgePay<\/h3>\n<p>People around the United States are getting a little more time to pay their local government bills following a ransomware attack that&#8217;s taken payment service provider BridgePay offline for more than a week.<\/p>\n<p>BridgePay provides payment services for local governments and utilities around the country \u2013 or it did until knocked offline on February 6 due to a ransomware attack. BridgePay remains offline at the time of publication and <a href=\"https:\/\/status.bridgepaynetwork.com\/?ref=dysruptionhub.com\" rel=\"nofollow\">warns<\/a> restoring services could take the better part of another week.<\/p>\n<p>The company said attackers did not compromise payment information, but it still doesn&#8217;t appear to understand the full extent of the incident. BridgePay said it will provide updates as it learns more.<\/p>\n<p>At least one city, Frisco, Texas, has <a href=\"https:\/\/www.friscotexas.gov\/133\/39786\/Utility-Billing?ref=dysruptionhub.com\" rel=\"nofollow\">suspended<\/a> shutoffs and late fees until the situation is resolved, but not everyone is so fortunate \u2013 Palm Bay, Florida&#8217;s <a href=\"https:\/\/www.palmbayfl.gov\/Home\/Components\/News\/News\/13335\/?ref=dysruptionhub.com\" rel=\"nofollow\">advice<\/a> on the outage suggests residents ought to hoof it to a city building to pay what&#8217;s owed.<\/p>\n<h3 class=\"crosshead\">Polish police nab critical infrastructure hacker<\/h3>\n<p>Polish cyber cops have arrested a suspect believed to have attacked a water and sewage infrastructure operator.<\/p>\n<p>The Central Bureau for Combatting Cybercrime&#8217;s (CBZC\u2019s) <a href=\"https:\/\/cbzc.policja.gov.pl\/bzc\/aktualnosci\/812,Odpowie-za-cyberatak-na-infrastrukture-krytyczna.html\" rel=\"nofollow\">statement<\/a> on the matter doesn\u2019t say when the attack took place, but does reveal authorities apprehended the suspect in early February.<\/p>\n<p>The CBZC said that the suspect gained unauthorized access to the critical infrastructure provider, logged into an administrator account and stole data. The data later appeared on the dark web.<\/p>\n<p>Polish police claim that their actions in the western Polish city of Pozna\u0144 enabled them to locate and delete the data and to make the arrest.<\/p>\n<h3 class=\"crosshead\">EU clears Google&#8217;s Wiz acquisition<\/h3>\n<p>Google&#8217;s acquisition of cloud security firm Wiz is one step closer to completion, with the EU last week <a href=\"https:\/\/ec.europa.eu\/commission\/presscorner\/detail\/en\/ip_26_333\" rel=\"nofollow\">clearing<\/a> the deal.<\/p>\n<p>The EU said that Google&#8217;s acquisition of Wiz wouldn&#8217;t raise competition concerns in Europe, as the likes of AWS and Azure offer their own strong cloud security packages.<\/p>\n<p>&#8220;There are several credible competitors that customers could switch to if Google were to bundle Wiz&#8217;s multi-cloud security platform with its existing products, or in case Wiz&#8217;s platform no longer worked with clouds other than Google&#8217;s,&#8221; the European Commission said. The deal was also <a href=\"https:\/\/www.theregister.com\/2025\/11\/05\/googles_32b_wiz_acquisition_its\/\">cleared<\/a> by the US Department of Justice in November 2025.<\/p>\n<p>Google previously tried to acquire Wiz in 2024 for $23 billion, but the cloudy security outfit <a href=\"https:\/\/www.theregister.com\/2024\/07\/23\/alphabet_wiz_deal_scuppered\/\">rejected<\/a> the offer. Google&#8217;s second offer of $32 billion was enough to change the Wiz team&#8217;s mind. The deal marks Google&#8217;s most expensive acquisition to date. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2026\/02\/15\/exl3harris_exec_sold_8_zeroday\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PLUS: Fake ransomware group exposed; EC blesses Google&#8217;s big Wiz deal; Alleged sewage hacker cuffed; And more Infosec in Brief\u00a0 The former General Manager of defense contractor L3Harris\u2019s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-60180","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Infosec exec sold eight zero-day exploit kits to Russia, says DoJ 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-15T23:22:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ\",\"datePublished\":\"2026-02-15T23:22:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/\"},\"wordCount\":915,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/\",\"name\":\"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2026-02-15T23:22:14+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/","og_locale":"en_US","og_type":"article","og_title":"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-02-15T23:22:14+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ","datePublished":"2026-02-15T23:22:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/"},"wordCount":915,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/","url":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/","name":"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2026-02-15T23:22:14+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aZKbqFDfMfZM2bJgdnwW6gAAAYQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/infosec-exec-sold-eight-zero-day-exploit-kits-to-russia-says-doj\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Infosec exec sold eight zero-day exploit kits to Russia, says DoJ"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60180"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60180\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}