US sanctions Russian cyber broker Operation Zero for trafficking stolen US government exploits

 


The US Department of the Treasury announced that its Office of Foreign Assets Control (OFAC) has designated Russian national Sergey Sergeyevich Zelenyuk and his company, Matrix LLC, which does business as Operation Zero, for their role in buying and distributing cyber tools deemed harmful to US national security.

Officials said Zelenyuk and Operation Zero brokered the sale of exploits for software vulnerabilities that can be used to gain unauthorized access to systems, steal sensitive information, or seize control of devices. The company allegedly offered financial rewards for exploits targeting US-built software and acquired at least eight proprietary cyber tools stolen from a US defense contractor that were developed exclusively for use by the US government and select allies.

According to Treasury, Operation Zero sold the stolen tools to at least one unauthorized user. The action coincides with a separate investigation by the US Department of Justice and the Federal Bureau of Investigation into Peter Williams, an Australian national and former employee of the affected US company.

Williams pleaded guilty on October 29, 2025, to two counts of theft of trade secrets. Prosecutors said that between 2022 and 2025, he stole eight trade secret zero-day exploits and sold them to Operation Zero for approximately $1.3 million in cryptocurrency. This week, Williams was sentenced to over seven years in prison.

Treasury further identified Operation Zero as a Russian cyber-tools broker that has publicly advertised exploit sales to various customers, including the Russian government. Zelenyuk also established a United Arab Emirates–based entity, Special Technology Services LLC FZ (STS), allegedly in part to circumvent US sanctions on Russian financial institutions.

Treasury determined that Zelenyuk, Operation Zero, and STS knowingly engaged in or benefited from significant theft of US trade secrets, conduct that materially threatens US national security and economic stability. The designations were issued pursuant to Executive Order 13694, as amended by Executive Order 14306.

Interestingly, the sanctions also target two Trickbot members, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, who allegedly helped Operation Zero and Zelenyuk, as well as their own exploit brokerage firm, Advance Security Solutions.

As a result of the action, all property and interests in property of the designated parties within US jurisdiction are blocked. US persons are generally prohibited from conducting transactions with them, and foreign individuals or entities that engage in certain dealings with the sanctioned parties risk exposure to secondary sanctions.

