US Treasury Sanctions Operation Zero for Cybertool Theft

The U.S. Treasury Department has sanctioned a Russia-based “exploit broker” and its affiliates in a high-profile national security action targeting the theft and sale of proprietary U.S. government IT tools, officials said Tuesday.

Operation Zero blacklisted by the United States

This designation marks the first use of the United States Intellectual Property Protection Act (PAIPA) in a sanctions case aimed at combating the theft of digital trade secrets.

The Treasury’s Office of Foreign Assets Control (OFAC) has placed Russian national Sergei Sergeyevich Zelenyuk and his St. Petersburg-based company Matrix LLC, also known as Operation Zero, on the Specially Designated Nationals (SDN) list, along with five associated individuals and entities.

The sanctions target the acquisition and redistribution of “exploits,” specialized computer code that can be used to take advantage of vulnerabilities in widely used software.

At least eight U.S. government cyber tools developed for defense and intelligence purposes were stolen from a U.S. company and allegedly sold by Operation Zero to unauthorized actors, according to the Treasury.

In its statement, Treasury said Zelenyuk and his network offered substantial bounties to obtain exploits and then monetized the technology by selling it to buyers in Russia and elsewhere. Federal officials have expressed concern that such tools could be used for criminal or espionage purposes, including ransomware and other destabilizing cyber operations.

The sanctions also target individuals linked to the group’s operations, including a UAE-based affiliate and suspected members of the Trickbot cybercrime gang, previously sanctioned for other actions.

Under U.S. sanctions law, the property and interests of SDN designees within U.S. jurisdiction are blocked, and U.S. citizens are generally prohibited from transacting with them.

The action is part of an ongoing criminal investigation by the Justice Department and the FBI into a former employee of a U.S. defense contractor who pleaded guilty last year to stealing cyber tools and selling them for cryptocurrency.

Treasury officials said the sanctions are intended to deter future theft of U.S. intellectual property that could threaten national security, underscoring Washington’s broader strategy to hold foreign cyber actors accountable through economic and financial tools.