The U.S. Treasury Department has sanctioned a Russian national and his company for acquiring and selling stolen American cyber tools that pose risks to national security, marking the first use of a new law aimed at protecting intellectual property.
The Office of Foreign Assets Control targeted Sergey Sergeyevich Zelenyuk and Matrix LLC, which operates under the name Operation Zero, along with five related individuals and entities.
Zelenyuk and his firm, based in St. Petersburg, Russia, have traded in exploits — code or methods that exploit software vulnerabilities to enable unauthorized access, data theft, or device control.
Operation Zero has offered rewards for exploits targeting U.S.-developed software and acquired at least eight proprietary tools meant solely for the U.S. government and certain allies. Those tools were stolen from an American company and later sold by Operation Zero to at least one unauthorized buyer.
“If you steal U.S. trade secrets, we will hold you accountable,” Treasury Secretary Scott Bessent said in a news release. “Treasury will continue to work alongside the rest of the Trump Administration to protect sensitive American intellectual property and safeguard our national security.”
The sanctions align with a Justice Department and FBI probe into Peter Williams, an Australian who once worked for the U.S. company. Williams pleaded guilty on October 29, 2025, to two counts of trade secret theft. He took multiple proprietary cyber tools from 2022 to 2025 and sold them to Operation Zero for millions in cryptocurrency.
The designations fall under Executive Order 13694, as amended by Executive Order 14306, for cyber activities likely to threaten U.S. national security, foreign policy, or economic stability, including misappropriation of intellectual property for gain.
Separately, the State Department sanctioned Zelenyuk, Operation Zero, and an affiliated United Arab Emirates firm, Special Technology Services LLC FZ, under the Protecting American Intellectual Property Act. These are the initial sanctions under that law, which addresses significant trade secret thefts that could harm U.S. interests.
Zelenyuk has run Operation Zero as an exploit broker since 2021, posting bounties worth millions for vulnerabilities in popular software like U.S. operating systems and encrypted messaging apps. The company does not report flaws to affected developers, potentially allowing customers to use them for ransomware or other harmful purposes.
In public materials, Zelenyuk and Operation Zero have said they sell exploits only to clients in non-NATO countries. They have aimed to supply foreign intelligence services while also pursuing the development of spyware, data extraction from AI applications, and the recruitment of hackers via social media to build ties with overseas agencies.
Among the sanctioned affiliates is Marina Evgenyevna Vasanovich, Zelenyuk’s assistant, and Special Technology Services LLC FZ, a UAE company he controls. Both are designated for acting on Zelenyuk’s behalf.
Also hit are Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, a Russian suspected of ties to the Trickbot cybercrime group. Trickbot, active since 2016, enables malware for ransomware and other attacks, including against U.S. government entities, hospitals, and health centers. The Treasury previously sanctioned Trickbot members in February and September 2023. Mamashoyev and Kucherov had prior work links to Operation Zero and are designated to support Zelenyuk.
Advance Security Solutions, an exploit brokerage founded by Mamashoyev with operations in the UAE and Uzbekistan, faces sanctions for offering bounties on U.S. software. It is designated for control by or for Mamashoyev.
The actions block all U.S.-held property of the designated parties and require reporting to the Office of Foreign Assets Control. Entities 50% or more owned by blocked persons are also frozen. U.S. persons are generally barred from dealings involving their property without authorization.
Violations can lead to civil or criminal penalties, with civil fines possible on a strict liability basis. Financial institutions and others risk sanctions exposure for certain involvements. Prohibitions extend to providing or receiving funds, goods, or services to or from blocked persons.
The Treasury emphasized that sanctions aim to encourage behavioral change rather than just punishment and outlined processes for seeking removal from its lists.
