The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Russian zero-day exploit brokerage Operation Zero (also known as Matrix LLC) and its owner, Sergey Sergeyevich Zelenyuk.
The move marks the first time the United States has invoked the Protecting American Intellectual Property Act (PAIPA) to penalize parties involved in stealing trade secrets from U.S. entities.
How the Operation Worked
The sanctions follow a multi-year investigation into the theft of highly sensitive cybersecurity tools.
Between 2022 and 2025, Peter Williams, an Australian national and former executive at defense contractor L3Harris (Trenchant unit), stole at least eight proprietary zero-day exploits. These tools had been developed exclusively for use by the U.S. government and allied partners.
Williams allegedly sold the stolen exploits to Operation Zero in exchange for between $1.3 million and $2 million in cryptocurrency.
Authorities say Operation Zero then resold the exploits to unauthorized buyers, including foreign intelligence services in non-NATO countries.
Additional Sanctions
Beyond Operation Zero and Zelenyuk, Treasury also designated several affiliated individuals and entities.
Marina Vasanovich, described as Zelenyuk’s assistant, was sanctioned alongside Special Technology Services LLC FZ, a UAE-based firm reportedly controlled by Zelenyuk.
Azizjon Mamashoev and Oleg Kucherov were also designated for allegedly providing material support. Kucherov is identified as a suspected member of the TrickBot cybercrime group.
Advance Security Solutions, another exploit brokerage accused of running a similar bounty-style program targeting U.S. software vulnerabilities, was also sanctioned.
Criminal Sentencing
In parallel with the sanctions, a U.S. federal judge sentenced Peter Williams to seven years and three months in prisonfor his role in stealing and selling the zero-day exploits.
Treasury Secretary Scott Bessent stated that the action underscores the administration’s commitment to protecting U.S. intellectual property and safeguarding national security.
Why This Matters
The case highlights the increasing use of cryptocurrency in illicit cyber markets, particularly for the trade of zero-day vulnerabilities.
It also signals a stronger U.S. stance against exploit brokerages operating across borders, and sets a precedent for future enforcement under intellectual property protection statutes.
