Trenchant General Manager Pleads Guilty to Selling Zero-Days to Russia

Peter Williams, the former general manager of L3Harris Trenchant, a key US defense contractor specializing in surveillance and offensive cyber tools, has pleaded guilty to stealing and selling classified zero-day exploits to a Russian cyber weapons broker known to supply the Russian government.

Williams, a 39-year-old Australian national and former employee of the Australian Signals Directorate (ASD), admitted in US District Court on October 29, 2025, to two counts of theft of trade secrets. The Justice Department stated that he used his privileged access at Trenchant to steal eight highly sensitive cyber-exploit components over a three-year period, between 2022 and 2025. The exploits were developed for exclusive use by the US government and select allies, yet were sold to a broker advertising as a supplier to non-NATO clients, including Russia.

The investigation, led by the FBI’s Counterintelligence Division in Baltimore, revealed that Williams entered into multiple contracts with the Russian broker, receiving $1.3 million in cryptocurrency for the stolen tools. These agreements included not only the initial exchange of the exploits but also support arrangements, suggesting an ongoing relationship. Williams used encrypted communications to exfiltrate the tools and reportedly spent the proceeds on luxury items.

L3Harris Trenchant is the exploit and surveillance division of L3Harris Technologies, a major US defense contractor. It was formed through the 2019 acquisition of Australian cybersecurity firms Azimuth Security and Linchpin Labs, both of which were deeply involved in developing and supplying zero-day vulnerabilities to members of the Five Eyes alliance. Trenchant’s work primarily supports government clients across the US, Australia, Canada, New Zealand, and the UK, and includes developing exploits for platforms such as iOS and Google Chrome.

TechCrunch previously reported that Trenchant was internally investigating a leak of hacking tools earlier this year. The incident led to the firing of a developer accused of leaking Chrome zero-days. That individual, however, maintained innocence and stated he worked on iOS exploits and had no access to Chrome-related projects. Notably, Williams himself led that internal investigation and was responsible for the employee’s dismissal, raising serious questions about whether he used the probe as cover for his own illicit activity.

While the DOJ has not named the Russian broker involved, industry sources and public reporting point to Operation Zero, a Moscow-linked entity known for purchasing exploits from independent researchers and reselling them to Russian-aligned clients.

Assistant Attorney General John Eisenberg described Williams’ actions as “deliberate and deceitful,” warning that insiders who compromise national security for personal gain will face harsh consequences. US Attorney Jeanine Pirro emphasized the scale of the damage, citing estimated losses of $35 million to Trenchant and the exposure of critical cyber capabilities to foreign adversaries.

Williams is currently under house arrest in Washington, D.C., and is scheduled to be sentenced in January 2026. He faces up to 20 years in prison and a fine of up to $500,000, though the actual penalty will depend on the court’s assessment of the case’s impact.