The U.S. Department of the Treasury has sanctioned a Russian exploit brokerage network accused of purchasing stolen U.S. government cyber tools with crypto and reselling them to unauthorized buyers, marking the first use of new authorities under the Protecting American Intellectual Property Act.
In an announcement Tuesday, the Treasury’s Office of Foreign Assets Control designated Russian national, Sergey Sergeyevich Zelenyuk, and his company, Operation Zero, along with several associates and affiliated firms.
The action blocks any property or interests in property of the designated parties that fall under U.S. jurisdiction and bars U.S. persons from transacting with them.
Treasury alleges that Zelenyuk, operating from St. Petersburg, built a business acquiring and selling “exploits” — tools that take advantage of software vulnerabilities to gain unauthorized access to systems or extract data.
Among the exploits obtained by Operation Zero were at least eight proprietary cyber tools developed by a U.S. defense contractor for the exclusive use of the U.S. government and select allies.
Those tools were stolen by Peter Williams, an Australian national and former employee of the contractor.
According to the Department of Justice, Williams stole the trade secrets between 2022 and 2025 and sold them to Operation Zero in exchange for millions of dollars in cryptocurrency.
He pleaded guilty in October 2025 to two counts of theft of trade secrets following an investigation by the Justice Department and the Federal Bureau of Investigation.
Scott Bessent: We will hold you accountable for stealing trade secrets
Treasury Secretary Scott Bessent said the designations reflect a broader effort to protect sensitive American intellectual property and safeguard national security.
“If you steal U.S. trade secrets, we will hold you accountable,” Bessent said.
The sanctions were issued pursuant to Executive Order 13694, as amended, which targets malicious cyber-enabled activities that threaten U.S. national security, foreign policy, or economic stability.
In parallel, the State Department imposed sanctions under the Protecting American Intellectual Property Act, a law that provides for penalties against foreign actors who engage in or benefit from significant theft of U.S. trade secrets when the conduct poses a national security or economic threat. Zelenyuk and Operation Zero are the first individuals sanctioned under that statute.
Treasury also designated several associates tied to the network, including Marina Evgenyevna Vasanovich, described as Zelenyuk’s assistant, and Special Technology Services LLC FZ, a United Arab Emirates-based technology firm controlled by Zelenyuk.
Two additional individuals, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, were sanctioned for providing material support. Treasury identified Kucherov as a suspected member of the Trickbot cybercrime group, a malware operation linked to ransomware attacks against U.S. government agencies and healthcare providers.
Operation Zero advertised bounties worth millions of dollars in crypto for exploits targeting widely used U.S.-built operating systems and encrypted messaging platforms. Treasury said the firm did not disclose discovered vulnerabilities to affected software companies and instead sought to sell them to customers in non-NATO countries, including foreign intelligence services.
While Treasury stated that crypto facilitated the transactions for the stolen tools, it did not publish specific crypto wallet addresses or impose blockchain-specific designations.