The US Treasury Department has sanctioned a Russian exploit brokerage network accused of purchasing stolen US government cyber tools with cryptocurrency and reselling them to unauthorized buyers, marking the first use of new authorities under the US Intellectual Property Protection Act.
In an announcement Tuesday, the Treasury’s Office of Foreign Assets Control designated Russian national Sergey Sergeyevich Zelenyuk and his company, Operation Zero, along with several associates and affiliated companies.
The action blocks any property or interest in property of the designated parties that is under U.S. jurisdiction and prohibits U.S. persons from transacting with them.
The Treasury alleges that Zelenyuk, operating out of St. Petersburg, created a business acquiring and selling “exploits,” tools that take advantage of software vulnerabilities to gain unauthorized access to systems or extract data.
Among the exploits obtained by Operation Zero were at least eight proprietary cyber tools developed by a US defense contractor for exclusive use by the US government and select allies.
Those tools were stolen by Peter Williams, an Australian citizen and former employee of the contractor.
According to the Department of Justice, Williams stole the trade secrets between 2022 and 2025 and sold them to Operation Zero in exchange for millions of dollars in cryptocurrency.
He pleaded guilty in October 2025 to two counts of theft of trade secrets following an investigation by the Department of Justice and the Federal Bureau of Investigation.
Scott Bessent: We will hold you accountable for stealing trade secrets
Treasury Secretary Scott Bessent said the designations reflect a broader effort to protect sensitive American intellectual property and safeguard national security.
“If you steal American trade secrets, we will hold you accountable,” Bessent said.
The sanctions were issued pursuant to Executive Order 13694, as amended, which targets malicious cyber activities that threaten the national security, foreign policy, or economic stability of the United States.
In parallel, the State Department imposed sanctions under the American Intellectual Property Protection Act, a law that provides sanctions against foreign actors who engage in or benefit from significant theft of American trade secrets when the conduct poses an economic or national security threat. Zelenyuk and Operation Zero are the first individuals sanctioned under that statute.
The Treasury also named several associates linked to the network, including Marina Evgenyevna Vasanovich, described as Zelenyuk’s assistant, and Special Technology Services LLC FZ, a United Arab Emirates-based technology company controlled by Zelenyuk.
Two other people, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, were sanctioned for providing material support. Treasury identified Kucherov as an alleged member of the Trickbot cybercrime group, a malware operation linked to ransomware attacks against US government agencies and healthcare providers.
Operation Zero announced rewards worth millions of dollars in cryptocurrency for exploits targeting widely used operating systems and encrypted messaging platforms built in the United States. The Treasury said the company did not disclose the discovered vulnerabilities to affected software companies and instead attempted to sell them to customers in non-NATO countries, including foreign intelligence services.
While the Treasury stated that cryptocurrencies facilitated transactions of the stolen tools, it did not publish specific crypto wallet addresses or impose specific blockchain designations.
