US Imposes Sanctions on Russian Broker for Illegally Purchasing Zero-Day Exploits
The U.S. Treasury Department Sanctions Russian Exploit Broker Linked to Stolen Hacking Tools
The U.S. Treasury Department has imposed sanctions on a Russian exploit broker who purchased stolen hacking tools from a former executive of a U.S. defense contractor.
Matrix LLC, operating as Operation Zero and based in St. Petersburg, Russia, along with its owner Sergey Sergeyevich Zelenyuk and five affiliated individuals and companies, were designated by the Department’s Office of Foreign Assets Control (OFAC) on Tuesday.
The sanctions were applied under the Protecting American Intellectual Property Act (PAIPA), a law aimed at combating intellectual property theft by foreign adversaries, marking the first use of the law since its inception.
These actions coincide with the sentencing of Peter Williams, a 39-year-old Australian national and former general manager of Trenchant, a cybersecurity division of U.S. defense contractor L3Harris specializing in zero-day exploits and surveillance tools.
Williams received an 87-month prison term on Tuesday after admitting guilt in October to stealing eight zero-day exploits from Trenchant and selling them to Operation Zero for around $1.3 million in cryptocurrency, despite their intended use solely by the U.S. government and allied intelligence agencies.
Operation Zero is currently offering substantial bounties to security researchers and others for the development or procurement of exploits targeting widely used software, including U.S.-developed operating systems and encrypted messaging apps.
The company, catering to both Russian government and private clients, asserts that it exclusively sells zero-day exploits to Russian entities.
“Zelenyuk and Operation Zero engage in trading ‘exploits’—code snippets or techniques exploiting vulnerabilities in software to facilitate unauthorized access, data theft, or device control—and have incentivized individuals to supply exploits for U.S.-based software,” stated the Department of the Treasury.
“Among the acquired exploits were at least eight proprietary cyber tools originally intended for use only by the U.S. government and its allies, which were stolen from a U.S. corporation. Operation Zero subsequently sold these stolen tools to at least one unauthorized user.”
OFAC also sanctioned Zelenyuk’s UAE-based front entity, Special Technology Services LLC, as well as two individuals previously associated with Operation Zero (including Oleg Vyacheslavovich Kucherov, suspected to be linked to the Trickbot cybercrime group) and a second exploit brokerage firm, Advance Security Solutions, operating in the United Arab Emirates and Uzbekistan.
These sanctions freeze all assets held in the U.S. by the designated entities and individuals, subjecting American entities and individuals engaging in transactions with them to secondary sanctions or enforcement measures.

