The U.S. Department of the Treasury has sanctioned a Russian exploit brokerage network accused of buying stolen U.S. government cyber tools with cryptocurrency and reselling them. This marks the first use of authorities under the Protecting American Intellectual Property Act. The network, led by Sergey Sergeyevich Zelenyuk, obtained at least eight proprietary tools from a U.S. defense contractor.
On February 24, 2026, the U.S. Treasury's Office of Foreign Assets Control announced sanctions against Sergey Sergeyevich Zelenyuk, his company Operation Zero, and several associates. Zelenyuk, based in St. Petersburg, Russia, is accused of building a business that acquires and sells exploits—tools exploiting software vulnerabilities for unauthorized access or data extraction.
The sanctioned tools include at least eight proprietary cyber tools developed by a U.S. defense contractor for exclusive use by the U.S. government and select allies. These were stolen by Peter Williams, an Australian national and former employee of the contractor. According to the Department of Justice, Williams stole the trade secrets between 2022 and 2025 and sold them to Operation Zero for millions of dollars in cryptocurrency. Williams pleaded guilty in October 2025 to two counts of theft of trade secrets following an investigation by the Justice Department and the Federal Bureau of Investigation.
The sanctions block any property or interests in property of the designated parties under U.S. jurisdiction and prohibit U.S. persons from transacting with them. They were issued under Executive Order 13694, targeting malicious cyber-enabled activities, and the Protecting American Intellectual Property Act, which addresses significant theft of U.S. trade secrets posing national security or economic threats. Zelenyuk and Operation Zero are the first sanctioned under this act.
Associates designated include Marina Evgenyevna Vasanovich, Zelenyuk's assistant; Special Technology Services LLC FZ, a United Arab Emirates-based firm controlled by Zelenyuk; Azizjon Makhmudovich Mamashoyev; and Oleg Vyacheslavovich Kucherov, suspected member of the Trickbot cybercrime group linked to ransomware attacks on U.S. agencies and healthcare providers.
Operation Zero advertised bounties worth millions in cryptocurrency for exploits targeting U.S.-built operating systems and encrypted messaging platforms. The firm did not disclose vulnerabilities to software companies and instead sold them to customers in non-NATO countries, including foreign intelligence services. It also sought to recruit hackers and develop ties with foreign intelligence via social media.
Treasury Secretary Scott Bessent stated, “If you steal U.S. trade secrets, we will hold you accountable.” He added that the designations reflect efforts to protect American intellectual property and national security, working alongside the Trump Administration.
