The U.S. Department of the Treasury, through its Office of Foreign Assets Control (OFAC), has imposed sanctions on a Russian exploit broker network, marking the first enforcement action under the new Protecting American Intellectual Property Act. The sanctions target Sergey Sergeyevich Zelenyuk and his St. Petersburg-based firm, Matrix LLC, operating as "Operation Zero."
According to OFAC, Operation Zero traded in "exploits": code or techniques that take advantage of software vulnerabilities to gain unauthorized access or steal data. The firm openly offered multi-million-dollar bounties on the social media platform X for vulnerabilities in systems like Apple's iOS and the Telegram messaging app. Treasury alleges the network's clients were exclusively "Russian private and government organizations."
The core of the violation involves the theft and sale of at least eight proprietary "cyber tools" developed for the exclusive use of the U.S. government and select allies. The U.S. State Department detailed that an Australian national, Peter Williams, a former employee of a U.S. defense contractor, stole these "zero-day exploits" between 2022 and 2025. He subsequently sold them to Operation Zero in exchange for $1.3 million in cryptocurrency payments. Williams pleaded guilty to two counts of theft of trade secrets in October of last year.
Treasury Secretary Scott Bessent confirmed the sanctions are a direct response to this theft, highlighting the use of digital assets to evade controls and fund activities that compromise national security. The action also sanctioned Oleg Vyacheslavovich Kucherov, a suspected member of the Trickbot cybercrime gang, and Marina Evgenyevna Vasanovich, described as Zelenyuk's assistant.
Authorities indicated that Operation Zero also worked to develop spyware and AI-based tools for extracting personal data, and used social media to recruit hackers and build ties with foreign intelligence agencies. The Treasury Department's move signals a clear intent to disrupt the financial flows that incentivize corporate espionage and may lead to further sanctions on cryptocurrency wallets associated with the network.