A Russian exploit brokerage firm, Operation Zero, has publicly announced bounties of up to $4 million for zero-day vulnerabilities in Telegram, signaling heightened state-sponsored interest in compromising the popular messaging app.

The company, which exclusively serves the Russian government and local entities, is seeking remote code execution (RCE) exploits across the Android, iOS, and Windows versions of Telegram. Payouts scale based on exploit sophistication.