OFAC targets Russia-linked exploit broker network over stolen U.S. cyber tools

The Treasury Department’s Office of Foreign Assets Control (OFAC) designated Sergey Sergeyevich Zelenyuk and Matrix LLC (doing business as Operation Zero), along with associated individuals and entities, for their acquisition and distribution of cyber tools described as harmful to U.S. national security.

According to Treasury, Zelenyuk and Operation Zero trade in “exploits” and offered rewards for exploits targeting commonly used software, including U.S.-built software. Treasury said Operation Zero acquired at least eight proprietary cyber tools created for the exclusive use of the U.S. government and select allies, which were stolen from a U.S. company, and then sold the tools to at least one unauthorized user.

OFAC’s SDN List update added four individuals: Zelenyuk; Marina Evgenyevna Vasanovich; Azizjon Makhmudovich Mamashoyev; and Oleg Vyacheslavovich Kucherov. It also added three entities: Matrix LLC (Operation Zero); Special Technology Services LLC FZ (STS), a UAE-based company described as controlled by Zelenyuk; and Advance Security Solutions, described as an exploit brokerage firm created by Mamashoyev with operations in the UAE and Uzbekistan.

Treasury said it designated Zelenyuk, Operation Zero and the associated parties under Executive Order 13694, as amended.

In parallel, Treasury said the Department of State is sanctioning Zelenyuk, Operation Zero and STS under the Protecting American Intellectual Property Act (PAIPA). The SDN List entries for Zelenyuk, Matrix LLC and STS include PAIPA-related blocking and other restrictions.

As a result of the designations, OFAC said all property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. OFAC said entities owned 50% or more by one or more blocked persons are also blocked, and that transactions by U.S. persons or within (or transiting) the United States involving blocked persons are generally prohibited unless authorized or exempt.

Treasury’s release included a quote attributed to Treasury Secretary Scott Bessent: “If you steal U.S. trade secrets, we will hold you accountable,” and said Treasury will continue to work with the administration “to protect sensitive American intellectual property and safeguard our national security.”