The U.S. government said Tuesday that it has issued sanctions targeting two companies involved in buying and reselling zero-day exploits, along with their founders and several associates tied to the businesses.
U.S. Treasury officials said that the government moved to sanction brokers of zero-days — software security flaws unknown to the vendor that can be weaponised to compromise systems — because this market can threaten U.S. national security, foreign policy interests, and the economy.
The first company sanctioned is Operation Zero, a Russia-based firm founded in 2021. Operation Zero drew attention in 2023 after publicly advertising offers of up to $20 million for Android and iPhone zero-days, and later stating it would pay up to $4 million for Telegram zero-days. The firm has stated that it works exclusively with the Russian government and domestic organisations.
The Treasury’s Office of Foreign Assets Control (OFAC) said Operation Zero’s customers “could use the tools to launch ransomware attacks or engage in other malign activities.”
Treasury officials also sanctioned the firm’s founder, Sergey Zelenyuk, accusing him of selling exploits to foreign intelligence services and seeking to develop spyware and intrusion capabilities. The Treasury said Zelenyuk used social media to recruit hackers and build relationships with foreign intelligence agencies. (Operation Zero maintains accounts on X and Telegram.)
According to the Treasury, Operation Zero obtained “at least eight proprietary cyber tools” that were intended solely for use by the U.S. government and certain allies, and that these tools were stolen from a U.S. company. Treasury said Operation Zero then “sold those stolen tools to at least one unauthorised user.”
Treasury said the sanctions against Operation Zero and Zelenyuk align with an FBI investigation involving Peter Williams, a former employee at U.S. defence contractor L3Harris. In October, Williams pleaded guilty to selling at least eight company exploits to an unnamed Russian broker. Treasury now says the broker was Operation Zero — a link the government had not previously publicly confirmed.
Williams served as general manager at Trenchant, a company that develops hacking and surveillance tooling for the U.S. government and key intelligence partners, including Australia, Canada, New Zealand, and the United Kingdom — commonly known as the Five Eyes alliance.
The Treasury did not respond to multiple questions related to Tuesday’s sanctions.
Alongside sanctions on Zelenyuk, Treasury also sanctioned a UAE-based affiliated company called Special Technology Services, Zelenyuk’s assistant Marina Evgenyevna Vasanovich, and two individuals connected to the company — Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov — who are alleged to have worked with Operation Zero.
Operation Zero, Special Technology Services, and Zelenyuk are being sanctioned under a 2022 federal authority that allows the U.S. government to impose sanctions on individuals involved in “significant thefts of trade secrets,” according to the Treasury.
Treasury also said Kucherov, a Russian national, is suspected of being affiliated with the well-known TrickBot ransomware operation, whose alleged members have previously been sanctioned by both the U.S. and the United Kingdom.
Mamashoyev is alleged to be the founder of Advance Security Solutions, another UAE-based zero-day brokerage that was also sanctioned Tuesday.
Advance Security Solutions launched last year and advertised bounties of up to $20 million for zero-days that could enable phone hacking via text message. The broker also promoted high-paying rewards for exploit tools targeting widely used software and hardware, including Android devices, iPhones, Windows, and Chrome.
Operation Zero and Zelenyuk did not reply to a request for comment. Kucherov, Mamashoyev, and Vasanovich could not be reached immediately for comment.
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
