The U.S. Division of the Treasury has sanctioned a Russian exploit brokerage community accused of buying stolen U.S. authorities cyber instruments with crypto and reselling them to unauthorized consumers, marking the primary use of recent authorities beneath the Defending American Mental Property Act.
In an announcement Tuesday, the Treasury’s Workplace of International Belongings Management designated Russian nationwide, Sergey Sergeyevich Zelenyuk, and his firm, Operation Zero, together with a number of associates and affiliated corporations.
The motion blocks any property or pursuits in property of the designated events that fall beneath U.S. jurisdiction and bars U.S. individuals from transacting with them.
Treasury alleges that Zelenyuk, working from St. Petersburg, constructed a enterprise buying and promoting “exploits” — instruments that benefit from software program vulnerabilities to realize unauthorized entry to methods or extract information.
Among the many exploits obtained by Operation Zero have been at the very least eight proprietary cyber instruments developed by a U.S. protection contractor for the unique use of the U.S. authorities and choose allies.
These instruments have been stolen by Peter Williams, an Australian nationwide and former worker of the contractor.
In line with the Division of Justice, Williams stole the commerce secrets and techniques between 2022 and 2025 and offered them to Operation Zero in alternate for thousands and thousands of {dollars} in cryptocurrency.
He pleaded responsible in October 2025 to 2 counts of theft of commerce secrets and techniques following an investigation by the Justice Division and the Federal Bureau of Investigation.
Scott Bessent: We’ll maintain you accountable for stealing commerce secrets and techniques
Treasury Secretary Scott Bessent mentioned the designations mirror a broader effort to guard delicate American mental property and safeguard nationwide safety.
“When you steal U.S. commerce secrets and techniques, we’ll maintain you accountable,” Bessent mentioned.
The sanctions have been issued pursuant to Government Order 13694, as amended, which targets malicious cyber-enabled actions that threaten U.S. nationwide safety, international coverage, or financial stability.
In parallel, the State Division imposed sanctions beneath the Defending American Mental Property Act, a legislation that gives for penalties in opposition to international actors who interact in or profit from important theft of U.S. commerce secrets and techniques when the conduct poses a nationwide safety or financial risk. Zelenyuk and Operation Zero are the primary people sanctioned beneath that statute.
Treasury additionally designated a number of associates tied to the community, together with Marina Evgenyevna Vasanovich, described as Zelenyuk’s assistant, and Particular Know-how Providers LLC FZ, a United Arab Emirates-based know-how agency managed by Zelenyuk.
Two further people, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, have been sanctioned for offering materials help. Treasury recognized Kucherov as a suspected member of the Trickbot cybercrime group, a malware operation linked to ransomware assaults in opposition to U.S. authorities companies and healthcare suppliers.
Operation Zero marketed bounties value thousands and thousands of {dollars} in crypto for exploits focusing on extensively used U.S.-built working methods and encrypted messaging platforms. Treasury mentioned the agency didn’t disclose found vulnerabilities to affected software program corporations and as a substitute sought to promote them to prospects in non-NATO nations, together with international intelligence companies.
Whereas Treasury acknowledged that crypto facilitated the transactions for the stolen instruments, it didn’t publish particular crypto pockets addresses or impose blockchain-specific designations.
The U.S. Division of the Treasury has sanctioned a Russian exploit brokerage community accused of buying stolen U.S. authorities cyber instruments with crypto and reselling them to unauthorized consumers, marking the primary use of recent authorities beneath the Defending American Mental Property Act.
In an announcement Tuesday, the Treasury’s Workplace of International Belongings Management designated Russian nationwide, Sergey Sergeyevich Zelenyuk, and his firm, Operation Zero, together with a number of associates and affiliated corporations.
The motion blocks any property or pursuits in property of the designated events that fall beneath U.S. jurisdiction and bars U.S. individuals from transacting with them.
Treasury alleges that Zelenyuk, working from St. Petersburg, constructed a enterprise buying and promoting “exploits” — instruments that benefit from software program vulnerabilities to realize unauthorized entry to methods or extract information.
Among the many exploits obtained by Operation Zero have been at the very least eight proprietary cyber instruments developed by a U.S. protection contractor for the unique use of the U.S. authorities and choose allies.
These instruments have been stolen by Peter Williams, an Australian nationwide and former worker of the contractor.
In line with the Division of Justice, Williams stole the commerce secrets and techniques between 2022 and 2025 and offered them to Operation Zero in alternate for thousands and thousands of {dollars} in cryptocurrency.
He pleaded responsible in October 2025 to 2 counts of theft of commerce secrets and techniques following an investigation by the Justice Division and the Federal Bureau of Investigation.
Scott Bessent: We’ll maintain you accountable for stealing commerce secrets and techniques
Treasury Secretary Scott Bessent mentioned the designations mirror a broader effort to guard delicate American mental property and safeguard nationwide safety.
“When you steal U.S. commerce secrets and techniques, we’ll maintain you accountable,” Bessent mentioned.
The sanctions have been issued pursuant to Government Order 13694, as amended, which targets malicious cyber-enabled actions that threaten U.S. nationwide safety, international coverage, or financial stability.
In parallel, the State Division imposed sanctions beneath the Defending American Mental Property Act, a legislation that gives for penalties in opposition to international actors who interact in or profit from important theft of U.S. commerce secrets and techniques when the conduct poses a nationwide safety or financial risk. Zelenyuk and Operation Zero are the primary people sanctioned beneath that statute.
Treasury additionally designated a number of associates tied to the community, together with Marina Evgenyevna Vasanovich, described as Zelenyuk’s assistant, and Particular Know-how Providers LLC FZ, a United Arab Emirates-based know-how agency managed by Zelenyuk.
Two further people, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, have been sanctioned for offering materials help. Treasury recognized Kucherov as a suspected member of the Trickbot cybercrime group, a malware operation linked to ransomware assaults in opposition to U.S. authorities companies and healthcare suppliers.
Operation Zero marketed bounties value thousands and thousands of {dollars} in crypto for exploits focusing on extensively used U.S.-built working methods and encrypted messaging platforms. Treasury mentioned the agency didn’t disclose found vulnerabilities to affected software program corporations and as a substitute sought to promote them to prospects in non-NATO nations, together with international intelligence companies.
Whereas Treasury acknowledged that crypto facilitated the transactions for the stolen instruments, it didn’t publish particular crypto pockets addresses or impose blockchain-specific designations.
