The U.S. Treasury Department has sanctioned a Russian exploit intermediary network accused of purchasing stolen U.S. government cyber tools with cryptocurrency and reselling them to unauthorized buyers, the first use of new authorities under the U.S. Intellectual Property Protection Act.
In an announcement Tuesday, the Treasury Department’s Office of Foreign Assets Control designated Russian national Sergei Sergeevich Zelenyuk and his company, Operation Zero, as well as several affiliates.
The action blocks the designated parties’ property and ownership interests that are subject to U.S. jurisdiction and prohibits U.S. persons from doing business with the designated parties.
The Treasury alleges Zelenyuk, based in St. Petersburg, has built a business that acquires and sells “exploits” – tools that exploit software vulnerabilities to gain unauthorized access to systems or extract data.
Among the exploits obtained by Operation Zero were at least eight proprietary cyber tools developed by U.S. defense contractors for use only by the U.S. government and some allies.
The tools were stolen by Peter Williams, an Australian national and former employee of the contractor.
According to the Department of Justice, between 2022 and 2025, Williams stole trade secrets and sold them to Operation Zero in exchange for millions of dollars in cryptocurrency.
He pleaded guilty in October 2025 to two counts of trade secret theft following an investigation by the Department of Justice and the Federal Bureau of Investigation.
Scott Bessent: Holding trade secret thieves accountable
Treasury Secretary Scott Bessent said the designation reflects broader efforts to protect America’s sensitive intellectual property and safeguard national security.
“If you steal American trade secrets, we will hold you accountable,” Bessent said.
The sanctions were issued under Executive Order 13694, as amended, which targets malicious cyber-enabled activities that threaten the national security, foreign policy, or economic stability of the United States.
In parallel, the State Department imposed sanctions under the U.S. Intellectual Property Protection Act. This law provides penalties for foreign parties who engage in significant theft of U.S. trade secrets, or who benefit from such conduct, if it poses a national security or economic threat. Zelenyuk and Operation Zero are the first to be sanctioned under the law.
The Treasury Department also named several parties connected to the network, including Zelenyuk’s alleged assistant Marina Evgenievna Vasanovich and Special Technology Services LLC FZ, a United Arab Emirates-based technology company controlled by Zelenyuk.
In addition, two people, Adishon Mahmudovich Mamashoev and Oleg Vyacheslavovich Kucherov, were sanctioned for providing material support. The Treasury Department identified Mr. Kucherov as a suspected member of the Trickbot cybercriminal group, a malware operation associated with ransomware attacks against U.S. government agencies and health care providers.
Operation Zero advertised rewards worth millions of dollars in cryptocurrency for exploits targeting widely used U.S.-made operating systems and encrypted messaging platforms. The Treasury Department said the company did not disclose the discovered vulnerabilities to affected software companies and instead tried to sell them to customers in non-NATO countries, including foreign intelligence agencies.
The Treasury Department said that cryptocurrencies facilitated trading in stolen tools, but did not publish specific cryptocurrency wallet addresses or impose blockchain-specific designations.
