U.S. Treasury sanctions exploit brokers tied to theft of government cyber tools

Scott Bessent Secretary | U.S. Department Of Treasury


The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against Sergey Sergeyevich Zelenyuk and his company, Matrix LLC, which operates as Operation Zero. The action also targets five associated individuals and entities for their involvement in acquiring and distributing cyber tools that pose a risk to U.S. national security.

Operation Zero is known for trading in “exploits,” or code that takes advantage of software vulnerabilities to gain unauthorized access or control over electronic devices. The company has offered rewards for exploits targeting U.S.-built software and acquired at least eight proprietary cyber tools originally created for exclusive use by the U.S. government and select allies. These tools were stolen from a U.S. company and subsequently sold to unauthorized users.

“If you steal U.S. trade secrets, we will hold you accountable,” said Secretary of the Treasury Scott Bessent. “Treasury will continue to work alongside the rest of the Trump Administration to protect sensitive American intellectual property and safeguard our national security.”

This enforcement coincides with an ongoing investigation by the Department of Justice and the Federal Bureau of Investigation into Peter Williams, an Australian national and former employee of the affected U.S. company. Williams pleaded guilty on October 29, 2025, to two counts of theft of trade secrets after stealing several proprietary cyber tools between 2022 and 2025 and selling them to Operation Zero in exchange for millions paid in cryptocurrencies.

OFAC designated Zelenyuk, Operation Zero, and their affiliates under Executive Order 13694 (as amended), which targets those responsible for cyber-enabled activities that threaten U.S. national security or economic stability through theft or misuse of intellectual property or other confidential information.

In parallel with OFAC’s action, the Department of State sanctioned Zelenyuk, Operation Zero, and Special Technology Services LLC FZ (STS), a UAE-based technology firm affiliated with Zelenyuk, under the Protecting American Intellectual Property Act (PAIPA). This marks the first use of PAIPA sanctions against individuals who have engaged in significant thefts of trade secrets likely to threaten U.S. interests.

Russian national Zelenyuk has operated as an exploit broker since 2021 through his St. Petersburg-based company Operation Zero, offering substantial bounties for exploits targeting widely used software systems including those built in the United States. The company does not disclose discovered vulnerabilities to software developers but instead sells them—primarily to non-NATO customers—and has attempted sales to foreign intelligence agencies.

Operation Zero has also worked on developing spyware and techniques for extracting personal data from artificial intelligence applications such as large language models while recruiting hackers via social media platforms.

Among those sanctioned are Marina Evgenyevna Vasanovich, identified as Zelenyuk’s assistant; STS; Azizjon Makhmudovich Mamashoyev; Oleg Vyacheslavovich Kucherov—a Russian national suspected to be part of the Trickbot cybercrime group; and Advance Security Solutions, another exploit brokerage firm established by Mamashoyev with operations in both UAE and Uzbekistan.

Kucherov is linked to Trickbot—a malware suite used since 2016 by its namesake gang for various malicious activities including ransomware attacks on U.S. government agencies as well as hospitals nationwide.

Following these designations, all property belonging to named individuals or entities within U.S. jurisdiction is blocked, along with any assets held by organizations owned at least 50 percent by one or more blocked persons. Transactions involving these parties are generally prohibited without specific authorization from OFAC.

Violations may result in civil or criminal penalties under strict liability standards enforced by OFAC guidelines. Financial institutions or others engaging with designated parties could face additional sanctions risks related to providing funds or services directly or indirectly connected with blocked persons.

According to OFAC guidance, those listed can petition for removal if circumstances change; details on this process are available through official channels.
