Exploit Brokers and Offensive Cyber Operations

Matthias Dellago, Andrew C. Simpson, Daniel W. Woods

Research output: Contribution to journalArticlepeer-review


A necessary step in conducting offensive cyber operations is developing or acquiring an exploit, i.e., a means for taking advantage of a software vulnerability or security deficiency. While these can be developed within government agencies, they can also be procured from private actors. Studying these private markets present an opportunity to understand offensive cyber operations, especially as markets break from the secretive culture of intelligence agencies. This article provides novel evidence of such opportunities by collecting data in the form of the prices quoted by an exploit broker who claims to sell to governments. We find exploit price inflation of 44% per annum, and higher prices for exploits targeting mobile devices relative to desktop devices. Exploits requiring additional capabilities like physical access to the device are quoted at a discount, and no-click remote access vulnerabilities carry a heavy premium. The broker does not quote prices for any exploits that specifically target industrial control systems or IoT devices. We conclude by discussing how these results inform the future of offensive cyber.
Original languageEnglish
Pages (from-to)31-48
Number of pages17
JournalThe Cyber Defense Review
Issue number3
Publication statusPublished - 16 Aug 2022


Dive into the research topics of 'Exploit Brokers and Offensive Cyber Operations'. Together they form a unique fingerprint.

Cite this