The U.S. Department of the Treasury has taken unprecedented action against a Russian network accused of stealing American cyber tools. On February 24, 2026, the Office of Foreign Assets Control (OFAC) sanctioned Sergey Sergeyevich Zelenyuk and his company, Matrix LLC, known publicly as Operation Zero. This move targets entities that have reportedly compromised U.S. national security by acquiring and distributing harmful cyber tools.
First Use of PAIPA Sanctions
This marks the inaugural application of the Protecting American Intellectual Property Act (PAIPA) to sanction foreign entities. The act aims to deter the theft of U.S. intellectual property by imposing penalties on foreign actors who profit from such activities. The sanctions highlight a shift in enforcement against international entities involved in cyber theft.
Central to this case is Peter Williams, an Australian who once worked at Trenchant, a cybersecurity unit of U.S. defense contractor L3Harris. Between 2022 and 2025, Williams misused his access to steal at least eight zero-day exploits, selling them to Operation Zero for $1.3 million in cryptocurrency. The theft reportedly caused $35 million in losses to Trenchant. Williams pleaded guilty to theft of trade secrets and received a sentence of 87 months in federal prison.
Operation Zero’s Role in Exploit Brokering
Active since 2021, Operation Zero has made a name for itself as a broker of exploits, offering significant bounties for zero-day vulnerabilities in widely used software. The company targets software from non-NATO countries, including U.S. systems. The group does not inform software vendors about discovered vulnerabilities, posing a threat to global cybersecurity.
Beyond brokering, Zelenyuk and Operation Zero have been involved in developing spyware and techniques to extract data from AI models. They have also recruited hackers through social media to bolster their operations. Tools stolen from Trenchant were sold to unauthorized users, potentially compromising millions of devices worldwide.
Sanctioned Entities and Individuals
Alongside Zelenyuk, several individuals and entities have been sanctioned. These include Marina Evgenyevna Vasanovich, Zelenyuk’s assistant, and Special Technology Services LLC FZ, a UAE-based affiliate controlled by Zelenyuk. Other sanctioned parties include Oleg Vyacheslavovich Kucherov, a suspected member of the TrickBot gang, and Azizjon Makhmudovich Mamashoyev, operator of Advance Security Solutions.
These sanctions block any U.S.-held assets of the designated parties and prohibit U.S. persons from engaging with them. The Department of State has also issued designations under PAIPA, reinforcing the U.S. commitment to protecting its intellectual property.
Treasury Secretary Scott Bessent emphasized the administration’s resolve to hold accountable those who steal U.S. trade secrets, using all available legal measures to safeguard national security and intellectual property.
