{
    "id": 61802,
    "date": "2026-02-25T09:41:46",
    "date_gmt": "2026-02-25T02:41:46",
    "guid": {
        "rendered": "https:\/\/hbbgroup.net\/treasury-sanctions-russian-exploit-broker-over-stolen-us-cyber-tools\/"
    },
    "modified": "2026-02-25T09:41:46",
    "modified_gmt": "2026-02-25T02:41:46",
    "slug": "treasury-sanctions-russian-exploit-broker-over-stolen-us-cyber-tools",
    "status": "publish",
    "type": "post",
    "link": "https:\/\/hbbgroup.net\/en_us\/treasury-sanctions-russian-exploit-broker-over-stolen-us-cyber-tools\/",
    "title": {
        "rendered": "Treasury Sanctions Russian \u2018Exploit\u2019 Broker Over Stolen US Cyber Tools"
    },
    "content": {
        "rendered": "<div>\n<div>\n<h4 color=\"#333\">In brief<\/h4>\n<ul>\n<li>Treasury sanctions alleged Sergey Sergeyevich Zelenyuk and Operation Zero operated as a Russian exploit broker network.<\/li>\n<li>According to Regulators, the sanctions are the first actions under the new trade secrets sanctions law.<\/li>\n<li>The stolen &#8220;tools&#8221; were built for exclusive U.S. government use.<\/li>\n<\/ul>\n<\/div>\n<p>The U.S. Treasury Department on Tuesday said it has sanctioned a Russian broker dealing in exploits, accused of selling stolen U.S. government cyber tools.<\/p>\n<p>The sanctions targeted Sergey Sergeyevich Zelenyuk and his St. Petersburg-based firm, Matrix LLC, also known as \u201cOperation Zero.\u201d<\/p>\n<p>The sanctions mark the first use of the Protecting American Intellectual Property Act to address the theft and sale of digital trade secrets, according to the Office of Foreign Assets Control.<\/p>\n<p>\u201cZelenyuk and Operation Zero trade in &#8216;exploits,\u2019 pieces of code or techniques that take advantage of vulnerabilities in a computer program to allow users to gain unauthorized access, steal information, or take control of an electronic device,\u201d OFAC said in a <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/sb0404\" target=\"_blank\" rel=\"noopener\">statement<\/a> on Tuesday.<\/p>\n<p>Operation Zero would then offer bounties to anyone who provided exploits for U.S.-built software, OFAC added.<\/p>\n<p>Treasury also sanctioned Oleg Vyacheslavovich Kucherov, a suspected member of the Trickbot cybercrime gang, and Marina Evgenyevna Vasanovich, described as Zelenyuk\u2019s assistant.<\/p>\n<p>Launched in 2021, Operation Zero has offered multimillion-dollar bounties for vulnerabilities in operating systems and encrypted messaging applications.<\/p>\n<p>Operation Zero did not hide its bounties, many of which were openly published on X. One bounty post in November offered up to <a href=\"https:\/\/x.com\/opzero_en\/status\/1994108281082486798?s=20\" target=\"_blank\" rel=\"noopener nofollow external\">$500,000<\/a> for an exploit targeting Apple\u2019s iOS 26. A bounty from March 2025 offered up to <a href=\"https:\/\/x.com\/opzero_en\/status\/1902665005675295186?s=20\" target=\"_blank\" rel=\"noopener nofollow external\">$4 million<\/a> for Telegram \u201cfull chain\u201d exploits.<\/p>\n<p>Operation Zero\u2019s clients are \u201cRussian private and government organizations only,\u201d for those seeking to purchase \u201cresearch, products, and software code in the field of offensive security,\u201d according to a rough translation of the company\u2019s website.<\/p>\n<p>\u201cZero-day acquisition is a popular and common practice in many countries nowadays,\u201d the company said in its FAQ. \u201cIt\u2019s not only much more lucrative than working with bug bounties and vendors but more safe as well,\u201d adding that a researcher who works with Operation Zero should not have to trade privacy and safety for money.<\/p>\n<p>Operation Zero has stolen at least eight proprietary \u201ccyber tools\u201d developed for the exclusive use of the U.S. government and select allies, according to the Treasury Department.<\/p>\n<p>The U.S. State Department said Tuesday in a separate <a href=\"https:\/\/www.state.gov\/releases\/office-of-the-spokesperson\/2026\/02\/designation-of-russia-based-zero-day-exploits-broker-and-affiliates-for-theft-of-u-s-trade-secrets\/\" target=\"_blank\" rel=\"noopener\">statement<\/a> that the action follows a Justice Department and FBI investigation into Peter Williams, an Australian national and former employee of a U.S. defense contractor, who allegedly stole \u201ceight trade secret zero-day exploits\u201d from 2022 through to 2025.<\/p>\n<p>\u201cThose components were meant to be sold exclusively to the U.S. government and select allies, the state department said. \u201cHe sold these exploits to Operation Zero in exchange for $1.3 million in crypto payments.\u201d Williams pleaded guilty in October of last year to two counts of theft of trade secrets.<\/p>\n<p>Treasury said the Russian company has also worked to develop spyware and AI-based tools to extract personal identifying information and other sensitive data. It has also used social media to recruit hackers and build relationships with foreign intelligence agencies.<\/p>\n<p>The Treasury Department and Operation Zero did not immediately respond to <i>Decrypt\u2019s<\/i> requests for comment.<\/p>\n<div>\n<h3>Daily Debrief Newsletter<\/h3>\n<p>Start every day with the top news stories right now, plus original features, a podcast, videos and more.<\/p>\n<\/div>\n<\/div>",
        "protected": false
    },
    "excerpt": {
        "rendered": "<p>In brief Treasury sanctions alleged Sergey Sergeyevich Zelenyuk and Operation Zero operated as a Russian exploit broker network. According to [&hellip;]<\/p>",
        "protected": false
    },
    "author": 5,
    "featured_media": 61803,
    "comment_status": "open",
    "ping_status": "open",
    "sticky": false,
    "template": "",
    "format": "standard",
    "meta": {
        "_acf_changed": false,
        "footnotes": ""
    },
    "categories": [
        220
    ],
    "tags": [],
    "class_list": [
        "post-61802",
        "post",
        "type-post",
        "status-publish",
        "format-standard",
        "has-post-thumbnail",
        "hentry",
        "category-tien-dien-tu"
    ],
    "acf": [],
    "_links": {
        "self": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts\/61802",
                "targetHints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        ],
        "collection": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts"
            }
        ],
        "about": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/types\/post"
            }
        ],
        "author": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/users\/5"
            }
        ],
        "replies": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/comments?post=61802"
            }
        ],
        "version-history": [
            {
                "count": 0,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts\/61802\/revisions"
            }
        ],
        "wp:featuredmedia": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/media\/61803"
            }
        ],
        "wp:attachment": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/media?parent=61802"
            }
        ],
        "wp:term": [
            {
                "taxonomy": "category",
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/categories?post=61802"
            },
            {
                "taxonomy": "post_tag",
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/tags?post=61802"
            }
        ],
        "curies": [
            {
                "name": "wp",
                "href": "https:\/\/api.w.org\/{rel}",
                "templated": true
            }
        ]
    }
}