Why would companies like Kaspersky disclose Operation Triangulation instead of selling it to the Russian government (FSB)

I just finished watching 37C3 - Operation Triangulation and im still amazed by how complex and sophisticated this attack was, I would not even dare to understand 10% of it, specially the memory specific ones.

But my main question here is, why would Kaspersky disclose these zero-days to Apple, instead of reselling them to the Russian government? or how did even the Russian government (or their FSB) not force Kaspersky to hand over those zero days instead of disclosing it? I know Kaspersky might benefit from this publicity, but surely it can get better results?

Bonus question: Who in their right mind would target a security company, or a security researcher? the story seems a bit fishy to me.

submitted by /u/evilkidaz
[link] [comments]

from hacking: security in practice https://ift.tt/fKSmzia