A former executive at a company that sells zero-day vulnerabilities and exploits to the United States and its allies pleaded guilty in federal court in Washington, DC, on Wednesday to selling trade secrets worth at least $1.3 million to a buyer in Russia, according to US prosecutors.
Peter Williams, a 39-year-old Australia native who resides in the US, faced two charges related to the theft of trade secrets. As part of the plea agreement, Williams faces between 87 and 108 months in prison and fines of up to $300,000. He must also pay restitution of $1.3 million.
Williams will be sentenced early next year. Until then, he will remain on house confinement at his apartment, must undergo electronic monitoring, and is permitted to leave his home for one hour each day, according to the plea agreement.
Williams worked for less than a year as a director at L3 Harris Trenchant—a subsidiary of the US-based defense contractor L3Harris Technologies—when he resigned in mid-August from the company for unspecified reasons, according to UK corporate records. Prosecutors, however, said at the hearing that he was employed by the company or its predecessor since at least 2016. Prior to his time at Trenchant, Williams reportedly worked for the Australian Signals Directorate, during the 2010s. The ASD is equivalent to the US National Security Agency and is responsible for the cyber defense of Australian government systems as well as the collection of foreign signals intelligence. As part of its signals intelligence work, the ASD has authority to conduct hacking operations using the kinds of tools that Trenchant and other companies sell.
This month the Justice Department accused Williams of stealing eight trade secrets from two companies and selling them to a buyer in Russia between April 2022 and August 2025, a time period that coincides in part with Williams’ employment at L3 Trenchant.
The document does not name the two companies, nor does it say whether the buyer, described by prosecutors as a Russia-based software broker, was connected to the Russian government.
Prosecutors said that the unidentified Russian company was in the business of buying zero-day vulnerabilities and exploits from researchers and selling them to other Russian companies and “non-NATO countries.” Prosecutors also read a September 2023 social media post by the Russian company that said it had increased payouts for some mobile exploits to between $200,000 and $20 million. A September 26, 2023, post on X by Operation Zero, which describes itself as the “only Russian-based zero-day vulnerability purchase platform,” used identical language.
Operation Zero did not immediately respond to a request for comment.
