OrganisationUS

L3Harris

US defence contractor whose Trenchant cyber unit had at least eight government-only zero-day exploits stolen and sold to Operation Zero.

Last refreshed: 17 April 2026 · Appears in 1 active topic

Key Question

How did a former L3Harris executive sell US government hacking tools to Russia?

Timeline for L3Harris

#117 Apr

OFAC turns IP law on Operation Zero

Cybersecurity: Threats and Defences

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

How did Peter Williams steal hacking tools from the US government?: Peter Williams worked as an executive at Trenchant, the cyber unit of US defence contractor L3Harris. He stole at least eight zero-day exploits developed exclusively for US government use and sold them to Operation Zero between 2022 and 2025.Source: DOJ sentencing documents
What is Trenchant at L3Harris?: Trenchant is L3Harris's specialist offensive cyber capability unit that develops hacking tools for classified US government programmes.Source: DOJ / OFAC

Background

L3Harris Technologies is the US defence and aerospace company whose Trenchant cyber unit developed zero-day exploits exclusively for US government use. Former Trenchant executive Peter Williams stole at least eight of those exploits and sold them to Operation Zero between 2022 and 2025. Williams pleaded guilty on 29 October 2025 and was sentenced to 87 months (seven years, three months) on 24 February 2026.

L3Harris is one of the largest US defence contractors, operating across electronic warfare, space, communications and cyber domains. Its Trenchant unit is a specialist offensive cyber capability unit that develops tools for US government customers under classified programmes. The Williams case exposed the insider-threat surface of government-facing offensive cyber development: an insider with access to finished government tools and an established exploit-broker network offshore.

For the defence industrial base, the Williams case has prompted reviews of technical controls on classified cyber-tool repositories. The combination of OFAC's simultaneous sanctioning of the buyer network and DOJ sentencing of the insider creates a two-end enforcement signal: supply and demand side of the exploit-theft pipeline are both in scope.

How the World Sees Them

US DOD / customers

An insider-threat exfiltration from a government-facing offensive cyber unit is the precise scenario the defence industrial base's supply-chain security posture is designed to prevent; Williams's conviction is both a deterrent and an admission of failure.

UK / allied intelligence

Stolen US government exploits sold to a Russian-linked broker represent a direct counterintelligence and operational-security concern for allied agencies sharing tool knowledge.

Russian buyers (Operation Zero)

OFAC's designation arrived alongside DOJ sentencing, demonstrating coordinated supply-and-demand enforcement; the Russian broker network's exposure to PAIPA was not publicly flagged before the action.