Treasury sanctions Russian zero-day broker accused of buying exploits stolen from U.S. defense contractor
The U.S. government announced on Tuesday sanctions against two companies that acquire and resell zero-day exploits, as well sanctioning their founders and their associates.
Officials with the U.S. Treasury told TechCrunch that the government was imposing sanctions against the brokers of zero-days — security vulnerabilities in software that are unknown to its developer but can be abused to hack people — as they pose a threat to U.S. national security, foreign policy, and economy.
The first sanctioned company is Operation Zero, a Russian firm that launched in 2021. The company made headlines in 2023 when it announced that it was offering up to $20 million for zero-days in Android devices and iPhones, and later announced that it was offering up to $4 million for zero-days in Telegram. The company claims to work exclusively with the Russian government and local organizations.
The Treasury’s Office of Foreign Assets Control (OFAC) said that Operation Zero’s customers “could use the tools to launch ransomware attacks or engage in other malign activities.”
The Treasury said it’s also sanctioning the company’s founder, Sergey Zelenyuk, who officials accused of selling exploits to foreign intelligence agencies, and who say he sought to develop spyware and hacking technologies. The Treasury said Zelenyuk engaged in recruiting hackers and developing relationships with foreign intelligence agencies through social media. (Operation Zero has accounts on both X and Telegram.)
According to the Treasury, Operation Zero acquired “at least eight proprietary cyber tools, which were created for the exclusive use of the U.S. government and select allies and which were stolen from a U.S. company,” and then “sold those stolen tools to at least one unauthorized user.”
The Treasury said that the sanctions against Operation Zero and Zelenyuk coincide with an FBI investigation into Peter Williams, who worked for U.S. defense contractor L3Harris. In October, Williams pleaded guilty to selling at least eight of the company’s exploits to an unspecified Russian broker.
The Treasury now says that the broker was Operation Zero, something that the government had not previously confirmed.
Contact Us
Do you have more information about Operation Zero? Or the market for zero-days? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.
Williams was the general manager at Trenchant, which develops hacking and surveillance tools for the U.S. government and some of its top intelligence partners, including Australia, Canada, New Zealand and the United Kingdom; the so-called alliance of Five Eyes countries.
The Treasury did not respond to a series of questions related to today’s sanctions.
Along with taking action against Zelenyuk, the U.S. Treasury is sanctioning an affiliate company based in the United Arab Emirates called Special Technology Services; as well as Zelenyuk’s assistant, Marina Evgenyevna Vasanovich, and two people associated with the company, Azizjon Makhmudovich Mamashoyev, and Oleg Vyacheslavovich Kucherov, who have allegedly worked with Operation Zero.
Operation Zero, Special Technology Services, and Zelenyuk are being sanctioned in parallel under a 2022 federal law that allows the U.S. government to impose sanctions on someone who committed “significant thefts of trade secrets,” per the Treasury.
The Treasury says Kucherov, a Russian national, is suspected of being a member of the prolific ransomware gang Trickbot, whose alleged members were previously sanctioned by the U.S. and the United Kingdom.
Mamashoyev is allegedly the founder of Advance Security Solutions, another zero-day broker based in the UAE, which was also sanctioned today.
Advance Security Solutions launched last year, offering up to $20 million for zero-days that could help hack into any type of smartphone with a text message. The broker also offered high-paying bounties for hacking tools in popular software and hardware like Android devices, iPhones, Windows, and Chrome.
Operation Zero and Zelenyuk did not respond to a request for comment. Kucherov, Mamashoyev, and Vasanovich could not be immediately reached for comment.
When contacted by TechCrunch, a person operating an Advanced Security Solution’s chat account claimed without evidence that Mamashoyev is not the founder of the company.
