US sanctions Russian broker for buying stolen zero-day exploits

Source: Bleeping Computer

Sanctions Overview

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) designated Matrix LLC (doing business as Operation Zero and headquartered in St. Petersburg, Russia) on Tuesday. The designation also includes its owner, Sergey Sergeyevich Zelenyuk, and five associated individuals and companies.

The sanctions were imposed under the Protecting American Intellectual Property Act (PAIPA)—the first use of this law since its enactment—to target intellectual‑property theft by foreign adversaries.

Peter Williams Sentencing

The designations coincide with the sentencing of Peter Williams, a 39‑year‑old Australian national and former general manager of Trenchant, the cybersecurity unit of U.S. defense contractor L3Harris. Williams was sentenced to 87 months in prison after pleading guilty in October to:

• Stealing eight zero‑day exploits from Trenchant.
• Selling the exploits to Operation Zero for roughly $1.3 million in cryptocurrency.

The stolen tools were originally developed exclusively for use by the U.S. government and allied intelligence agencies.

Operation Zero’s Exploit‑Bounty Program

Operation Zero is offering millions of dollars in bounties to security researchers and others for the development or acquisition of exploits targeting widely used software, including:

• U.S.-built operating systems.
• Encrypted messaging applications.

The company’s website states that it sells zero‑day exploits only to Russian private and government organizations, and its client list includes the Russian government.

“Zelenyuk and Operation Zero trade in ‘exploits’—pieces of code or techniques that take advantage of vulnerabilities in a computer program to allow users to gain unauthorized access, steal information, or take control of an electronic device—and have offered rewards to anyone who will provide them with exploits for U.S.-built software,” the Department of the Treasury said.

“Among the exploits that Operation Zero acquired were at least eight proprietary cyber tools, which were created for the exclusive use of the U.S. government and select allies and which were stolen from a U.S. company. Operation Zero then sold those stolen tools to at least one unauthorized user.”

Additional Entities Sanctioned

OFAC also sanctioned:

• Special Technology Services LLC – Zelenyuk’s UAE‑based front company.
• Two individuals with prior ties to Operation Zero, including Oleg Vyacheslavovich Kucherov (a suspected member of the Trickbot cybercrime gang).
• Advance Security Solutions – a second exploit‑brokerage firm operating in the United Arab Emirates and Uzbekistan.

Impact of the Sanctions

• All U.S.-held assets belonging to the designated entities and individuals are frozen.
• American businesses and individuals that conduct transactions with the sanctioned parties face secondary sanctions or other enforcement actions.