Infosec in Brief
The former General Manager of defense contractor L3Harris’s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week.
We first wrote about this case in October 2025, when former Trenchant boss Peter Williams pleaded guilty to two counts of theft of trade secrets – but court records didn’t detail exactly what he stole.
That changed last week when the US Department of Justice published a sentencing memorandum [PDF] that frames Williams’ conduct as a betrayal of his employer and the US government, and the cause of significant harm to US national security.
Williams “made it possible for the Russian Broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world,” the DoJ said. The broker Williams worked with regularly provided exploits to the Russian government, the DoJ alleged.
Along with the damage he caused to US national security, the DoJ said that Williams’ actions also led to the loss of more than $35 million for L3Harris and Trenchant, contributing to the government’s call to sentence him to the maximum term allowed under federal guidelines.
The sentencing memo notes that Williams could be incarcerated for up to 108 months (9 years), followed by three years of supervised release. An Australian citizen, Williams has agreed to be deported to his home country after his prison term.
In addition to his time behind bars, the DoJ has also asked the judge to force Williams to pay $35 million in restitution and additional forfeitures of items linked to his crimes.
Ransomware gang turns out to be a couple of kids in a trench coat
A recently emerged ransomware group calling itself 0APT is just a bunch of liars who haven’t hacked anyone, cybersecurity researchers have determined.
According to GuidePoint Security, 0APT’s claim of having successfully attacked over 200 entities in the course of a single week in late January was a total fabrication, with most claimed victims having ridiculous names like “Metropolis City Municipal.” As reports emerged that people thought the group was lying, its data leak site went offline before returning to life a day later with a list of around 15 high-profile multinational victims.
GuidePoint says companies on the shortlist also appear to have escaped infection by 0APT – the alleged victims found no evidence of intrusion after the group published their names.
GuidePoint believes there could be two reasons for the scam: either to fool other cybercriminals into paying it for ransomware-as-a-service tools that don’t exist, or to trick organizations into believing they have suffered an attack so they pay ransoms out of fear.
In other words, if 0APT claims to have hit your organization, it probably hasn’t – but review your logs just in case.
Payment deadlines extended after actual ransomware attack hits BridgePay
People around the United States are getting a little more time to pay their local government bills following a ransomware attack that’s taken payment service provider BridgePay offline for more than a week.
BridgePay provides payment services for local governments and utilities around the country – or it did until knocked offline on February 6 due to a ransomware attack. BridgePay remains offline at the time of publication and warns restoring services could take the better part of another week.
The company said attackers did not compromise payment information, but it still doesn’t appear to understand the full extent of the incident. BridgePay said it will provide updates as it learns more.
At least one city, Frisco, Texas, has suspended shutoffs and late fees until the situation is resolved, but not everyone is so fortunate – Palm Bay, Florida’s advice on the outage suggests residents ought to hoof it to a city building to pay what’s owed.
Polish police nab critical infrastructure hacker
Polish cyber cops have arrested a suspect believed to have attacked a water and sewage infrastructure operator.
The Central Bureau for Combatting Cybercrime’s (CBZC’s) statement on the matter doesn’t say when the attack took place, but does reveal authorities apprehended the suspect in early February.
The CBZC said that the suspect gained unauthorized access to the critical infrastructure provider, logged into an administrator account and stole data. The data later appeared on the dark web.
Polish police claim that their actions in the western Polish city of Poznań enabled them to locate and delete the data and to make the arrest.
EU clears Google’s Wiz acquisition
Google’s acquisition of cloud security firm Wiz is one step closer to completion, with the EU last week clearing the deal.
The EU said that Google’s acquisition of Wiz wouldn’t raise competition concerns in Europe, as the likes of AWS and Azure offer their own strong cloud security packages.
“There are several credible competitors that customers could switch to if Google were to bundle Wiz’s multi-cloud security platform with its existing products, or in case Wiz’s platform no longer worked with clouds other than Google’s,” the European Commission said. The deal was also cleared by the US Department of Justice in November 2025.
Google previously tried to acquire Wiz in 2024 for $23 billion, but the cloudy security outfit rejected the offer. Google’s second offer of $32 billion was enough to change the Wiz team’s mind. The deal marks Google’s most expensive acquisition to date.

