The U.S. Department of the Treasury has taken a significant step in the fight against cybercrime by sanctioning a Russian exploit brokerage network, marking the first use of new authorities under the Protecting American Intellectual Property Act. In a bold move, the Treasury’s Office of Foreign Assets Control (OFAC) designated Sergey Sergeyevich Zelenyuk and his company, Operation Zero, along with several associates and affiliated firms, effectively cutting them off from the U.S. financial system and warning other potential offenders.
A Web of Cyber Espionage
The sanctions target a sophisticated operation led by Zelenyuk, who is accused of building a business around the acquisition and resale of ‘exploits’, tools that take advantage of software vulnerabilities. Among the most alarming aspects of this case is the theft of at least eight proprietary cyber tools developed by a U.S. defense contractor for exclusive use by the U.S. government and select allies. These tools were stolen by Peter Williams, an Australian national and former employee of the contractor, who sold them to Operation Zero in exchange for millions of dollars in cryptocurrency.
The Role of Cryptocurrency
Williams pleaded guilty in October 2025 to two counts of theft of trade secrets following a joint investigation by the Department of Justice and the Federal Bureau of Investigation. The use of cryptocurrency to facilitate these illegal transactions highlights the evolving nature of cybercrime and the challenges it poses to law enforcement. Treasury Secretary Scott Bessent emphasized the government’s commitment to holding cybercriminals accountable, stating, “If you steal U.S. trade secrets, we will hold you accountable.”
International Impact
The sanctions were issued under Executive Order 13694, as amended, which targets malicious cyber-enabled activities threatening U.S. national security, foreign policy, or economic stability. In a parallel move, the State Department imposed sanctions under the Protecting American Intellectual Property Act, a law designed to penalize foreign actors engaged in significant theft of U.S. trade secrets. Zelenyuk and Operation Zero are the first to be sanctioned under this statute, setting a precedent for future actions.
Network of Associates
OFAC also sanctioned several associates linked to the network, including Marina Evgenyevna Vasanovich, described as Zelenyuk’s assistant, and Special Technology Services LLC FZ, a technology firm based in the United Arab Emirates and controlled by Zelenyuk. Two additional individuals, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, were sanctioned for providing material support. Kucherov is suspected of being a member of the Trickbot cybercrime group, which has been linked to ransomware attacks against U.S. government agencies and healthcare providers.
Broader Implications
Operation Zero’s business model involved advertising bounties worth millions of dollars in cryptocurrency for exploits targeting widely used U.S.-built operating systems and encrypted messaging platforms. The firm did not disclose discovered vulnerabilities to affected software companies but instead sought to sell them to customers in non-NATO countries, including foreign intelligence services. While the Treasury did not publish specific crypto wallet addresses or impose blockchain-specific designations, the action sends a clear message to the global cybercrime community.
This move by the U.S. Treasury is a significant step in the ongoing battle against cyber threats and the misuse of cryptocurrency. As cybercriminals continue to evolve, the U.S. government is adapting its strategies to protect sensitive intellectual property and maintain national security. The sanctions on Zelenyuk and Operation Zero serve as a stark warning to others who might consider engaging in similar activities.
