Treasury Sanctions Russian ‘Exploit’ Dealer Over Stolen US Cyber Instruments

The U.S. Treasury Division on Tuesday stated it has sanctioned a Russian dealer dealing in exploits, accused of promoting stolen U.S. authorities cyber instruments.

The sanctions focused Sergey Sergeyevich Zelenyuk and his St. Petersburg-based agency, Matrix LLC, also called “Operation Zero.”

The sanctions mark the primary use of the Defending American Mental Property Act to handle the theft and sale of digital commerce secrets and techniques, based on the Workplace of International Property Management.

“Zelenyuk and Operation Zero commerce in ‘exploits,’ items of code or strategies that reap the benefits of vulnerabilities in a pc program to permit customers to realize unauthorized entry, steal info, or take management of an digital system,” OFAC stated in a press release on Tuesday.

Operation Zero would then provide bounties to anybody who supplied exploits for U.S.-built software program, OFAC added.

Treasury additionally sanctioned Oleg Vyacheslavovich Kucherov, a suspected member of the Trickbot cybercrime gang, and Marina Evgenyevna Vasanovich, described as Zelenyuk’s assistant.

Launched in 2021, Operation Zero has provided multimillion-dollar bounties for vulnerabilities in working methods and encrypted messaging functions.

Operation Zero didn’t conceal its bounties, lots of which have been overtly printed on X. One bounty put up in November provided as much as $500,000 for an exploit focusing on Apple’s iOS 26. A bounty from March 2025 provided as much as $4 million for Telegram “full chain” exploits.

Operation Zero’s purchasers are “Russian personal and authorities organizations solely,” for these looking for to buy “analysis, merchandise, and software program code within the area of offensive safety,” based on a tough translation of the corporate’s web site.

“Zero-day acquisition is a well-liked and customary follow in lots of international locations these days,” the corporate stated in its FAQ. “It’s not solely rather more profitable than working with bug bounties and distributors however extra secure as properly,” including {that a} researcher who works with Operation Zero shouldn’t must commerce privateness and security for cash.

Operation Zero has stolen at the least eight proprietary “cyber instruments” developed for the unique use of the U.S. authorities and choose allies, based on the Treasury Division.

The U.S. State Division stated Tuesday in a separate assertion that the motion follows a Justice Division and FBI investigation into Peter Williams, an Australian nationwide and former worker of a U.S. protection contractor, who allegedly stole “eight commerce secret zero-day exploits” from 2022 by means of to 2025.

“These parts have been meant to be offered solely to the U.S. authorities and choose allies, the state division stated. “He offered these exploits to Operation Zero in alternate for $1.3 million in crypto funds.” Williams pleaded responsible in October of final 12 months to 2 counts of theft of commerce secrets and techniques.

Treasury stated the Russian firm has additionally labored to develop adware and AI-based instruments to extract private figuring out info and different delicate knowledge. It has additionally used social media to recruit hackers and construct relationships with overseas intelligence companies.

The Treasury Division and Operation Zero didn’t instantly reply to Decrypt’s requests for remark.