The United States Department of the Treasury has taken decisive action against a network of exploit brokers responsible for trafficking stolen government cyber tools.
On February 24, 2026, the Office of Foreign Assets Control designated Russian national Sergey Zelenyuk and his company, Operation Zero, alongside several affiliates.
This marks a significant enforcement action aimed at protecting national security and American intellectual property from malicious cyber threats.
Operation Zero operates as an aggressive exploit broker, offering massive financial bounties to researchers who disclose vulnerabilities in software developed in the United States.
The organization recently acquired at least eight highly sensitive, proprietary cyber tools originally designed for the exclusive use of the U.S. government and allied nations.
Peter Williams, an Australian former employee of a U.S. defense contractor, stole these tools.
Between 2022 and 2025, Williams smuggled these trade secrets to Operation Zero in exchange for millions of dollars in cryptocurrency.
Zelenyuk then commercialized these stolen assets, actively advertising them exclusively to intelligence agencies in non-NATO countries.
This malicious distribution pipeline allows foreign adversaries to potentially launch destructive ransomware attacks or extract sensitive data from large language models and messaging applications.
In response, the U.S. government imposed sanctions under the Protecting American Intellectual Property Act, making this the first enforcement action of its kind under that legislation.
The sanctions extend beyond Zelenyuk to dismantle his broader support network across Russia, the United Arab Emirates, and Uzbekistan.
The Treasury designated his assistant, Marina Vasanovich, and a UAE-based technology company called Special Technology Services, which Zelenyuk heavily controls.
Law enforcement also identified connections to established cybercrime syndicates.
Oleg Kucherov, a designated associate, is suspected of being a member of the notorious Trickbot gang, a malware group responsible for severe ransomware attacks against American hospitals.
Another key figure, Azizjon Mamashoyev, was sanctioned for creating Advance Security Solutions, an exploit brokerage firm mirroring the tactics of Operation Zero.
As a result of these designations, all financial assets held by these entities in the United States are frozen, and American citizens are strictly prohibited from conducting business with them.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
