The U.S. Department of the Treasury announced sanctions against Sergey Sergeyevich Zelenyuk and his company Matrix LLC, which operates under the name Operation Zero, as well as five related individuals and entities. The action targets those involved in acquiring and distributing cyber tools that pose a risk to U.S. national security.
According to the Treasury, Zelenyuk and Operation Zero trade in “exploits,” which are pieces of code or techniques used to exploit vulnerabilities in computer programs. These exploits can enable unauthorized access, theft of information, or control over electronic devices. The department stated that Operation Zero has offered rewards for anyone providing exploits targeting U.S.-built software. Some of these tools were proprietary cyber tools developed exclusively for use by the U.S. government and select allies but were stolen from a U.S. company and sold to unauthorized users.
“If you steal U.S. trade secrets, we will hold you accountable,” said Secretary of the Treasury Scott Bessent. “Treasury will continue to work alongside the rest of the Trump Administration to protect sensitive American intellectual property and safeguard our national security.”
The sanctions coincide with an investigation by the Department of Justice and FBI into Peter Williams, an Australian national who previously worked at the affected U.S. company. Williams pleaded guilty on October 29, 2025, to two counts of theft of trade secrets after stealing several proprietary cyber tools between 2022 and 2025 and selling them to Operation Zero for millions in cryptocurrency.
Zelenyuk, a Russian national based in St. Petersburg, has been active as an exploit broker since 2021 through Operation Zero. The company has offered significant bounties for exploits targeting widely used software systems, including operating systems and encrypted messaging applications made in the United States. According to public statements from Zelenyuk and his firm, they do not disclose discovered exploits to software developers but instead sell them only to customers outside NATO countries—including foreign intelligence agencies—and have sought relationships with hackers via social media.
OFAC also imposed sanctions on other individuals connected with Zelenyuk: Marina Evgenyevna Vasanovich (his assistant), UAE-based Special Technology Services LLC FZ (STS), Azizjon Makhmudovich Mamashoyev, Oleg Vyacheslavovich Kucherov (a suspected member of the Trickbot cybercrime group), as well as Advance Security Solutions—a cybersecurity firm established by Mamashoyev operating in both UAE and Uzbekistan.
Sanctions mean all property belonging to designated persons within or controlled by Americans is blocked; any business owned at least 50 percent by one or more sanctioned parties is similarly restricted under these measures. Americans are generally prohibited from engaging in transactions involving such persons unless specifically authorized by OFAC regulations.
Violating these sanctions may result in civil or criminal penalties for both domestic and foreign individuals or entities found responsible.
These designations mark the first use of authority under the Protecting American Intellectual Property Act (PAIPA). The law allows for sanctions against those who knowingly engage in significant thefts of American trade secrets if such actions present threats to U.S. national security or economic stability.
For further details on enforcement guidelines regarding these actions or about removal from OFAC lists such as SDN List, visit OFAC’s official guidance pages.
