The U.S. Treasury Department has sanctioned a Russian exploitation broker network accused of buying stolen U.S. government cyber tools with crypto and reselling them to unauthorized buyers, marking the first use of new authorities under the Protecting American Intellectual Property Act.
In an announcement Tuesday, the Treasury Department’s Office of Foreign Assets Control designated Russian national Sergey Sergeyevich Zelenyuk and his company, Operation Zero, along with several associates and affiliated firms.
The action blocks any property or interests in property of the designated parties subject to US jurisdiction and prevents US persons from doing business with them.
Treasury claims that Zelenyuk, who operates from St. Petersburg, built a business that acquired and sold “exploits” — tools that exploit software vulnerabilities to gain unauthorized access to systems or extract data.
Among the exploits obtained by Operation Zero were at least eight proprietary cyber tools developed by a US defense supplier for the exclusive use of the US government and select allies.
These tools were stolen by Peter Williams, an Australian citizen and former employee of the contractor.
According to the Justice Department, Williams stole the trade secrets between 2022 and 2025 and sold them to Operation Zero in exchange for millions of dollars in cryptocurrency.
He pleaded guilty in October 2025 to two counts of theft of trade secrets following an investigation by the Department of Justice and the Federal Bureau of Investigation.
Scott Bessent: We will hold you accountable for stealing trade secrets
Treasury Secretary Scott Bessent said the designations reflect a broader effort to protect sensitive U.S. intellectual property and protect national security.
“If you steal American trade secrets, we will hold you accountable,” Bessent said.
The sanctions were issued pursuant to Executive Order 13694, as amended, which targets malicious cyber-enabled activities that threaten the national security, foreign policy, or economic stability of the United States.
In parallel, the State Department imposed sanctions under the Protecting American Intellectual Property Act, a law that allows for sanctions against foreign actors who engage in or benefit from significant theft of U.S. trade secrets when the conduct poses a national security or economic threat. Zelenyuk and Operation Zero are the first individuals sanctioned under this statute.
Treasury also named several associates of the network, including Marina Evgenyevna Vasanovich, described as Zelenyuk’s assistant, and Special Technology Services LLC FZ, a United Arab Emirates-based technology firm controlled by Zelenyuk.
Two additional individuals, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, were sanctioned for providing material support. Treasury identified Kucherov as a suspected member of the Trickbot cybercrime group, a malware operation linked to ransomware attacks against US government agencies and healthcare providers.
Operation Zero announced bounties worth millions of dollars in crypto for exploits targeting widespread US-built operating systems and encrypted messaging platforms. The Treasury Department said the firm did not disclose discovered vulnerabilities to affected software companies and instead tried to sell them to customers in non-NATO countries, including foreign intelligence agencies.
While the Treasury stated that crypto facilitated the transactions for the stolen tools, it did not publish specific crypto wallet addresses or impose blockchain-specific designations.