The U.S. Department of the Treasury has imposed sanctions on a Russian exploit brokerage network accused of purchasing stolen U.S. government cyber tools using cryptocurrency and selling them to unauthorized buyers. These sanctions are the first to be enforced under the Protecting American Intellectual Property Act. The Treasury’s Office of Foreign Assets Control targeted Russian national Sergei Sergeyevich Zelenyuk, his company Operation Zero, several associates, and affiliated entities. All their assets within U.S. jurisdiction have been blocked, and American citizens are prohibited from conducting business with them.
Operating from Saint Petersburg, Zelenyuk established a business trading exploits—tools that leverage software vulnerabilities to gain unauthorized access or extract information. Operation Zero acquired at least eight such cyber tools originally developed by a U.S. defense contractor for the American government and its allies. These tools were stolen by Australian citizen Peter Williams, a former contractor employee, who between 2022 and 2025 sold these trade secrets to Operation Zero for millions in cryptocurrency. Williams was convicted in two cases in October 2025.
Treasury Secretary Scott Bessent stated these measures aim to protect American intellectual property and national security, emphasizing accountability for anyone stealing U.S. trade secrets. The sanctions also invoke Executive Order 13694, which targets cyberattacks threatening U.S. security or economy. Additionally, the State Department imposed its first sanctions under the Protecting American Intellectual Property Act against foreign actors involved in stealing or exploiting U.S. trade secrets.
Further targets include Zelenyuk’s assistant Marina Evgenionna Vasanuch and UAE-based technology company Special Technology Services, along with two others accused of materially supporting the network. Operation Zero had offered cryptocurrency bounties worth millions to find exploits in U.S.-made operating systems and encrypted messaging platforms but sold discovered vulnerabilities to non-native clients and foreign intelligence agencies instead of reporting them to software companies.
While cryptocurrency facilitated the purchase and sale of these stolen tools, the Treasury did not identify specific crypto wallet addresses nor impose blockchain-based sanctions.
Source: bitcoinmagazine
