Skip to main content
Emerging ThreatsMalware & Ransomware

Convicted Felons Launch Offensive Cybersecurity Firm, Lure Researchers with Million-Dollar Payouts

Convicted Felons Launch Offensive Cybersecurity Firm, Lure Researchers with Million-Dollar Payouts

"Our business model is this," reads a pinned post on the IRIS C2 X account. "Attract the very best vulnerability researchers and exploit developers in the world to join our company."

IRIS C2's public recruitment pitch and payday promises

The IRIS C2 account on X/Twitter (@C2IRIS) — created in January 2025 — has amassed more than 4,000 followers and regularly posts about security vulnerabilities, AI and software exploits. The linked website, irisc2[.]com, advertises open positions and claims the company acquires "zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms," offering "Payouts range from $10,000 to $7 million depending on target, reliability, and operational value." A recent LinkedIn post from the account celebrated "an overwhelming number of applications" from prospective employees.

Calvexa Group LLC, incorporation records, and the McLean/Maryland footprint

The government contracting portal g2exchange.com reports that irisc2[.]com is operated by a Virginia business called Calvexa Group LLC. G2Exchange shows Calvexa Group LLC is registered as a federal contractor but does not appear to be performing any direct government contracts. The "contact" link on Calvexa Group's site, calvexagroup[.]com, forwards visitors to irisc2[.]com. Incorporation records list an Arlington, Va. address that is occupied by Jack Burkman, the 60-year-old founder and managing partner of the lobbying firm Burkman & Associates.

Jacob Wohl’s description of IRIS C2 operations and staffing

When KrebsOnSecurity asked about IRIS C2, Jack Burkman referred further inquiries to his longtime associate, Jacob Wohl. In an interview with KrebsOnSecurity, Wohl said Burkman was not involved in day-to-day operations. Wohl said IRIS C2 began as a penetration-testing company and has recently shifted focus to selling "phone-hacking services to the government," adding several times that he was not at liberty to name specifics about government contracts.

Wohl told KrebsOnSecurity he has no formal education or training in computer science or information security and that most of his knowledge is self-taught. "I know more about tech than anyone," Wohl said. He claimed IRIS C2 has approximately 40 employees but said none are allowed to list employment on LinkedIn "for operational security reasons." Wohl also described the company's work turning preliminary vulnerability findings into stable, reliable exploits: "You need that exploit to be stable and reliable, and that's what we do," he said.

Burkman and Wohl's documented history of fake intelligence companies and legal penalties

Reporting assembled by KrebsOnSecurity traces a long pattern of deceptive ventures and legal consequences associated with Burkman and Wohl. The pair have been linked to fake intelligence companies and used them to spread false claims and frame public figures, including fabricated sexual-assault allegations against then-FBI director Robert Mueller and against Pete Buttigieg. In 2019 they held press conferences alleging extramarital affairs by Sen. Elizabeth Warren and then-candidate Kamala Harris that were later discredited.

After the 2020 presidential election, Wohl and Burkman were prosecuted by multiple U.S. states over thousands of robocalls disseminating false claims about mail-in ballots. They were indicted in Cleveland on 15 felony counts alleging a robocall scheme aimed at suppressing the Black vote in Detroit; their appeals to dismiss those charges were rejected and they were sentenced in late 2025 to probation. In 2022 the two pleaded guilty in Ohio to a single felony charge of telecommunications fraud and were sentenced to a fine, probation, and community service. A March 2023 New York civil ruling found they had violated federal and state civil-rights laws; the pair agreed to pay a $1 million settlement. In June 2023 the Federal Communications Commission imposed a $5.1 million fine against them for robocall campaigns.

Separate reporting noted the pair ran an AI-based lobbying startup called LobbyMatic under pseudonyms — Wohl reportedly using "Jay Klein" and Burkman using "Bill Sanders" — a revelation that prompted at least two employees to resign once the true identities were learned.

What this means for technologists, procurement officers, and conference attendees

  • Technologists and security researchers: IRIS C2's public, high‑value offers — advertised payouts up to $7 million — create an unusually brazen storefront for exploit acquisition. KrebsOnSecurity reported an attendee at a regional cybersecurity conference who said Wohl and Calvexa were pestering people to sell their vulnerability research.
  • Government procurement officers and contractors: g2exchange.com lists Calvexa Group LLC as a federal contractor, but the portal shows no direct government contracts. Wohl told KrebsOnSecurity he has worked on federal government contracts but would not provide details when pressed.
  • Conference organizers and employers: Politico reporting cited in KrebsOnSecurity found that employees of a prior startup run under assumed names resigned after learning the founders' identities. Wohl told KrebsOnSecurity that IRIS C2 employees are not permitted to list their employment publicly.

The public posture of IRIS C2 — openly soliciting zero-days and promising seven‑figure payouts — combined with the founders' record of false identities, legal penalties, and prior deceptive ventures, raises concrete questions about vetting, provenance, and the ultimate buyers of offensive cybersecurity capabilities. Jacob Wohl insists the firm is producing operational, reliable exploit tooling and hinted at government work without naming clients; who, if anyone, will publicly step forward to validate those claims remains unanswered.

Source: KrebsOnSecurity, July 2026