U.S. Treasury sanctions Operation Zero over stolen cyber tools

The U.S. Department of the Treasury has sanctioned a Russia-based cyber “exploit broker” and its affiliates in a high-profile national security action targeting the theft and sale of proprietary U.S. government cyber tools, officials announced Tuesday.

Operation Zero blacklisted by U.S.

The designation marks the first use of the Protecting American Intellectual Property Act (PAIPA) in a sanctions case aimed at combatting digital trade-secret theft.

The Treasury’s Office of Foreign Assets Control (OFAC) placed Russian national Sergey Sergeyevich Zelenyuk and his St. Petersburg-based company Matrix LLC, also known as Operation Zero, on the Specially Designated Nationals (SDN) list, along with five associated individuals and entities.

The sanctions target the acquisition and redistribution of “exploits,” specialized computer code that can be used to take advantage of vulnerabilities in widely used software.

According to the Treasury, at least eight U.S. government cyber tools developed for defense and intelligence use were stolen from a U.S. company and allegedly sold by Operation Zero to unauthorized actors.

In its announcement, the Treasury said that Zelenyuk and his network offered substantial bounties to obtain exploits and then monetized the tech with buyers in Russia and elsewhere. Federal officials have expressed concern that such tools could be used for criminal activity or espionage, including ransomware and other destabilizing cyber operations.

The sanctions also encompass individuals linked to the group’s operations, including an affiliate company based in the United Arab Emirates and suspected members of the Trickbot cybercrime gang, previously sanctioned in other actions.

Under U.S. sanctions law, the property and interests of SDN-designated persons within U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.

The action works in tandem with an ongoing criminal investigation by the Department of Justice and FBI into a former U.S. defense contractor employee who pleaded guilty last year to stealing the cyber tools and selling them for cryptocurrency.

Treasury officials said the sanctions aim to deter future theft of American intellectual property that could threaten national security, underscoring Washington’s broader strategy to hold foreign cyber actors accountable through economic and financial tools.