The U.S. Departments of State and Treasury on February 24, 2026 designated a Russia-based cyber exploits broker, its director, and affiliated entities for stealing U.S. trade secrets and selling cyber tools originally developed for the U.S. government. The action, taken under the Protecting American Intellectual Property Act and Executive Order 13694, aims to counter threats to national security and economic stability.
The coordinated sanctions were announced in Washington following investigations into cyber-enabled theft of proprietary tools from a U.S. defense contractor between 2022 and 2025.
The State Department and Treasury’s Office of Foreign Assets Control identified the network as part of a broader effort to protect sensitive intellectual property and prevent misuse of undisclosed software vulnerabilities.
Cyber Sanctions Target Russia Exploit Broker Network
The U.S. Department of State designated Russian national Sergey Zelenyuk, his company Matrix LLC operating as Operation Zero, and UAE-based Special Technology Services LLC FZ under the Protecting American Intellectual Property Act, according to a State Department fact sheet released February 24, 2026.
The department stated these parties knowingly engaged in or benefited from theft of trade secrets belonging to U.S. persons. Such actions were assessed as posing risks to national security, foreign policy interests, and economic stability.
Meanwhile, the U.S. Department of the Treasury’s Office of Foreign Assets Control designated Zelenyuk, Operation Zero, and associated individuals under Executive Order 13694, as amended by Executive Order 14306. OFAC said the network acquired and distributed cyber exploits targeting U.S.-built software and offered bounties for vulnerabilities.
| Indicator | Recent Movement | Context |
|---|---|---|
| Primary targets | Designated entities and individuals | State Department and OFAC actions against Operation Zero network |
| Legal authority | PAIPA and E.O. 13694 | Sanctions applied under intellectual property protection and cyber authorities |
| Cyber tools | Stolen government-linked exploits | OFAC stated tools were intended for U.S. government and allies |
Trade Secret Theft and Exploit Sales
According to the Department of Justice and the Federal Bureau of Investigation investigation referenced by Treasury, Australian national Peter Williams stole eight zero-day exploits from a U.S. defense contractor between 2022 and 2025.
Treasury said these tools were sold to Operation Zero for approximately $1.3 million in cryptocurrency. Zero-day exploits exploit software vulnerabilities for which no security patches exist, increasing their value for espionage or cyber operations.
OFAC stated that Operation Zero subsequently sold the stolen tools to unauthorized users, potentially enabling cyber attacks or surveillance. Additionally, the broker publicly advertised rewards for vulnerabilities in widely used software while not disclosing them to developers, increasing exposure to malicious use.
- Criminal case: The Department of Justice confirmed Williams pleaded guilty on October 29, 2025 to theft of trade secrets
- Operational impact: Stolen tools intended for U.S. government use were redistributed, according to Treasury statements
Sanctions Implications for Assets and Transactions
As a result of the designations, all property and interests of the sanctioned parties within U.S. jurisdiction are blocked, according to OFAC regulations. U.S. persons are generally prohibited from conducting transactions with designated individuals or entities unless authorized. Financial institutions must report blocked assets and may face penalties for violations.
The State Department also noted that individuals or companies engaging in certain transactions with sanctioned parties could face secondary sanctions risk. These measures are intended to restrict access to financial systems and limit operational capabilities of the designated network.
In Conclusion
The coordinated sanctions by the State Department and Treasury reflect a government effort to counter cyber-enabled theft of sensitive technologies and protect national security interests.
By targeting exploit brokers and associated actors, authorities aim to disrupt markets for stolen cyber tools and deter future misuse of proprietary vulnerabilities. The case highlights ongoing risks posed by undisclosed software exploits and international cybercrime networks.
Sources: U.S. Department of State, U.S. Department of the Treasury, U.S. Department of Justice.
Prepared by Ivan Alexander Golden, Founder of THX News, an independent news organization delivering timely insights from global official sources.
Combines AI-analyzed research with human-edited accuracy and context.
