The United States Treasury Department has announced a series of economic sanctions targeting individuals and companies linked to a Russia-based intermediary network, accused of stealing and selling advanced cybersecurity software. These sanctions mark the first use of a new law aimed at cracking down on the unauthorized acquisition and sale of US government cybersecurity tools via cryptocurrency to third parties.
Sanctions Target Operation Zero and Zelenyuk
Among those blacklisted are Sergey Sergeyevich Zelenyuk, based in St. Petersburg, and several associates and firms connected to his organization, Operation Zero. Authorities allege Zelenyuk and his network acquired and traded in so-called exploit tools that take advantage of software vulnerabilities without disclosing them publicly, instead selling them to unrelated third parties. As a result of the sanctions, any assets linked to the named entities within US jurisdiction have been frozen, while US nationals are prohibited from conducting transactions with them.
Stolen Defense Tools and Cryptocurrency Payments
The investigation revealed that the tools obtained by Operation Zero were initially developed by a US defense contractor and intended strictly for government and allied use. In all, eight secure cybersecurity tools were compromised, with evidence pointing to their theft by Peter Williams, a former contractor employee from Australia, between 2022 and 2025.
Williams is reported to have sold these confidential tools to Operation Zero in exchange for millions of dollars in cryptocurrency. The US Department of Justice and FBI led a joint investigation into the breach, resulting in Williams pleading guilty to two separate charges of stealing trade secrets.
First Use of New Law and Additional Measures
Treasury Secretary Scott Bessent highlighted the sweeping nature of the response as a crucial effort to protect sensitive US intellectual property. Reinforcing the tough stance, Bessent underscored:
"There will be accountability for those who steal American trade secrets."
The sanctions were enacted under Executive Order 13694, which provides the legal foundation for countering activities that threaten US cybersecurity. In parallel, the State Department imposed further penalties under the Protecting American Intellectual Property Act, which criminalizes the misuse of American trade secrets abroad, especially in cases involving national security risks. Notably, Zelenyuk and Operation Zero are the first entities ever sanctioned under this new statute.
Sanctions also extend to other individuals and companies affiliated with the network, such as Marina Vasanovich and Special Technology Services LLC FZ, registered in the United Arab Emirates. Oleg Kucherov and Azizjon Mamashoyev have been named for their alleged roles in supporting the operation. Kucherov, in particular, is alleged to have ties to the Trickbot group, notorious for ransomware attacks targeting US public agencies and the healthcare sector.
The Treasury believes Operation Zero has facilitated bug bounty programs—awarding millions in cryptocurrency—to uncover vulnerabilities in widely used US operating systems and encrypted messaging platforms. Rather than disclose these flaws to software developers, the findings were sold mainly to buyers in countries that are not US allies.
The Treasury also flagged the use of cryptocurrency as a means of laundering proceeds from these illicit activities but did not disclose which digital wallets had been identified in connection with the operation.




