The Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned Russian national Sergey Sergeyevich Zelenyuk and his company, Matrix LLC – known as Operation Zero – along with five associated individuals and entities, for allegedly trading in cyber tools that the department said threaten U.S. national security.
OFAC said Operation Zero operates as an exploit broker, trafficking in code and techniques that take advantage of software vulnerabilities to enable unauthorized access or control of devices. The agency said the individuals and entities also offered rewards for exploits targeting U.S.-built software.
“Among the exploits that Operation Zero acquired were at least eight proprietary cyber tools, which were created for the exclusive use of the U.S. government and select allies and which were stolen from a U.S. company. Operation Zero then sold those stolen tools to at least one unauthorized user,” OFAC said.
The designations place Zelenyuk and Matrix LLC on OFAC sanctions lists, blocking any property and interests in property under U.S. jurisdiction and generally prohibiting U.S. persons from doing business with them.
“If you steal U.S. trade secrets, we will hold you accountable,” Treasury Secretary Scott Bessent said in a statement.
Beyond offering million-dollar bounties targeting U.S. software, OFAC said Operation Zero withheld vulnerabilities from vendors, marketed exploits to non-NATO customers, sought foreign intelligence buyers, recruited hackers via social media, and developed spyware and other tools designed to extract sensitive data.
OFAC also sanctioned individuals and firms allegedly linked to Operation Zero, including Zelenyuk’s assistant Marina Vasanovich; Special Technology Services, a United Arab Emirates-controlled company; associates Azizjon Mamashoyev and Oleg Kucherov, identified by OFAC as a suspected member of Trickbot; and Mamashoyev’s exploit brokerage Advance Security Solutions.
Federal agencies and lawmakers have been actively adjusting long-term cyber strategies to meet rising cyber threats. Last year, those threats ranged from remote access compromises at the Treasury Department to ongoing campaigns by state-linked actors, which have prompted policy shifts and sustained focus on resilience across government networks.