Treasury sanctions Russian firm said to have stolen and sold US cyber tools

Celal Gunes / Anadolu Agency

Featured eBooks
Health Tech
Read Now

CDM

Read Now

Future-Ready Workforce

Read Now
Insights & Reports
The Ultimate Guide to Identity for AI
Presented By Carahsoft
Download Now
The state of Federal Contracting within Government Agencies with Patrick Hughes
Presented By Carahsoft
Download Now
David DiMolfetta By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW

By David DiMolfetta

|

The sanctions coincide with an FBI investigation into Peter Williams, a former employee of U.S. defense contractor L3Harris who pleaded guilty to selling cyber exploits to a Russian entity.

The Treasury Department on Tuesday sanctioned Russian firm Operation Zero and several affiliated individuals for allegedly buying stolen cyber tools originally developed for the U.S. government and reselling them for millions in cryptocurrency.

Treasury also sanctioned the company’s leader, Sergey Sergeyevich Zelenyuk, for the firm’s role in allegedly acquiring the eight proprietary cybersecurity tools built by a U.S. company that were meant for use by the federal government and select allies. The company resold the stolen tools to “at least one unauthorized user,” Treasury said.

Operation Zero trades in cyber exploits, which include various software toolkits containing specialized code built to steal data and compromise computer systems.

The sanctions against the firm and Zelenyuk run parallel with an FBI investigation into Peter Williams, a former employee of Trenchant, which is owned by defense contractor L3Harris. Williams pleaded guilty in October to selling at least eight of the company’s exploits to a Russian broker whose identity was not disclosed at the time. 

Treasury appears to now have identified that broker as Operation Zero. Williams “stole several proprietary cyber tools from the company between 2022 and 2025 and sold them to Operation Zero in exchange for millions of dollars paid in cryptocurrencies,” the department said in a statement announcing the sanctions.

Zelenyuk did not immediately respond to a request for comment.

The U.S. also sanctioned a United Arab Emirates–based affiliate, Special Technology Services, along with Zelenyuk’s assistant, Marina Evgenyevna Vasanovich. The department additionally designated two individuals tied to the company — Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov — who allegedly worked with Operation Zero.

Kucherov, a Russian national, is notably suspected of being affiliated with the ransomware group Trickbot, whose alleged members have previously been sanctioned by both the United States and the United Kingdom.

The actions are the first to be invoked under a 2023 law mandating financial penalties against parties that pilfer U.S. trade secrets.

“If you steal U.S. trade secrets, we will hold you accountable,” Secretary of the Treasury Scott Bessent said in a statement. “Treasury will continue to work alongside the rest of the Trump administration to protect sensitive American intellectual property and safeguard our national security.”

Stealing U.S.-built cyber exploits can grant foreign adversaries and criminal groups ready-made hacking tools they can quickly turn against government networks, defense contractors and critical infrastructure.

NEXT STORY: Energy Department patched flaws enabling email impersonation in critical minerals system