The U.S. Department of the Treasury has sanctioned a Russian exploit brokerage network for purchasing stolen U.S. government cyber tools with cryptocurrency and reselling them, marking the first action under the Protecting American Intellectual Property Act.
The Treasury’s Office of Foreign Assets Control designated Russian national Sergey Sergeyevich Zelenyuk and his company Operation Zero, blocking their U.S.-linked property and prohibiting U.S. persons from transacting with them.
“If you steal U.S. trade secrets, we will hold you accountable,”
Said Treasury Secretary, Scott Bessent.
Treasury alleged that Zelenyuk, operating from St. Petersburg, built a business acquiring and selling software “exploits”, including at least eight proprietary cyber tools developed by a U.S. defence contractor exclusively for the U.S. government and select allies.
According to the Department of Justice, former contractor employee Peter Williams stole the trade secrets between 2022 and 2025 and sold them to Operation Zero for millions of dollars in cryptocurrency, later pleading guilty in October 2025 to two counts of theft of trade secrets following an investigation by the Justice Department and the Federal Bureau of Investigation.
The sanctions were issued under Executive Order 13694, as amended, while the State Department also imposed penalties under the Protecting American Intellectual Property Act, with Zelenyuk and Operation Zero becoming the first individuals designated under that statute.
Treasury further sanctioned several associates, including Marina Evgenyevna Vasanovich, Special Technology Services FZ in the United Arab Emirates, Azizjon Makhmudovich Mamashoyev and alleged Trickbot member Oleg Vyacheslavovich Kucherov, noting that Operation Zero advertised multi-million-dollar crypto bounties for vulnerabilities in widely used U.S.-built operating systems and messaging platforms without disclosing them to affected companies.