US Treasury sanctions Russian 'exploit broker'…uncovers $1.3 million in crypto transactions
Summary
- The Treasury’s Office of Foreign Assets Control (OFAC) said it has designated Russia-based broker network Operation Zero and others for sanctions.
- Authorities said Australian national Peter Williams sold eight stolen “zero-day” exploits from a US defense contractor to Operation Zero and received $1.3 million in virtual assets (cryptocurrency).
- Officials said Operation Zero has been involved in offering multimillion-dollar bounties, developing spyware and AI-based personal-data collection tools, and building ties with foreign intelligence agencies.
The US Treasury Department has imposed sanctions on a Russia-based broker network accused of stealing and brokering cyber tools reserved for the US government.
According to Decrypt on the 24th (local time), the Treasury’s Office of Foreign Assets Control (OFAC) said it has designated Sergey Sergeyevich Zelenyuk and St. Petersburg-based Matrix LLC, known as “Operation Zero,” for sanctions. The move marks the first application of the Protecting American Intellectual Property Act, which targets the theft and sale of digital trade secrets.
OFAC said “Zelenyuk and Operation Zero traded in ‘exploits’—code or techniques that leverage software vulnerabilities to enable unauthorized access, data theft, or device control.” Operation Zero is reported to have offered bounties to those providing information on vulnerabilities in US-made software.
The Treasury also sanctioned Oleg Vyacheslavovich Kucherov, suspected of ties to the TrickBot cybercrime group, and Marina Yevgenyevna Basanovich, identified as Zelenyuk’s aide.
Since its launch in 2021, Operation Zero has offered bounties worth millions of dollars for multiple vulnerabilities. In March 2025, it offered up to $4 million for a Telegram “full chain” exploit, and in November up to $500,000 for vulnerabilities targeting Apple iOS 26. The company’s website states that its customers are limited to Russian private and government entities.
The US State Department said the sanctions are a follow-on measure stemming from investigations by the Justice Department and the Federal Bureau of Investigation (FBI). Investigators allege that Australian national Peter Williams, who worked at a US defense contractor from 2022 to 2025, stole eight “zero-day” exploits and sold them to Operation Zero. He is said to have received $1.3 million in virtual assets (cryptocurrency) and pleaded guilty last October to two counts of trade-secret theft.
The Treasury said Operation Zero obtained at least eight proprietary cyber tools developed exclusively for the US government and certain allies. It also said the firm was involved in developing spyware and AI-based personal-data collection tools, recruited hackers via social media, and built relationships with foreign intelligence services.
YM Lee
20min@bloomingbit.ioCrypto Chatterbox_ tlg@Bloomingbit_YMLEE
![Anthropic says “improvement, not software disruption”... All three major indexes rebound [New York stock market briefing]](https://media.bloomingbit.io/PROD/news/f8af9420-9daf-4312-801d-038b3297a661.webp?w=250)
