The Department of the Treasury’s Office of Foreign Assets Control (OFAC) levied sanctions against a company and its associates for the acquisition and distribution of cyber tools that are deemed harmful to U.S. national security.
Specifically, OFAC took action against Sergey Sergeyevich Zelenyuk and his company, Matrix LLC, doing business as Operation Zero, as well as five associated individuals and entities.
Zelenyuk and Operation Zero trade in “exploits”—pieces of code or techniques that take advantage of vulnerabilities in a computer program to allow users to gain unauthorized access, steal information, or take control of an electronic device. They have also offered rewards to anyone who will provide them with exploits for U.S.-built software. Among the exploits that Operation Zero acquired were at least eight proprietary cyber tools, which were created for the exclusive use of the U.S. government and select allies and which were stolen from a U.S. company. Operation Zero then sold those stolen tools to at least one unauthorized user.
“If you steal U.S. trade secrets, we will hold you accountable,” Secretary of the Treasury Scott Bessent said. “Treasury will continue to work alongside the rest of the Trump Administration to protect sensitive American intellectual property and safeguard our national security.”
This action coincides with an investigation by the Department of Justice and the Federal Bureau of Investigation of Peter Williams, an Australian national and a former employee of the aforementioned U.S. company who pleaded guilty on October 29, 2025, to two counts of theft of trade secrets. Williams stole several proprietary cyber tools from the company between 2022 and 2025 and sold them to Operation Zero in exchange for millions of dollars paid in cryptocurrencies.
Zeleny, through his St. Petersburg, Russia-headquartered company Operation Zero, has been active as an exploit broker since 2021.Operation Zero has offered millions of dollars in bounties to cybersecurity researchers and others for the development or acquisition of exploits targeting commonly used software, including U.S.-built operating systems and encrypted messaging applications.
As a result of the sanctions, all property of the designated persons that are in the United States are blocked and must be reported to OFAC, among other stipulations and restrictions.