Cybersecurity – US Sanctions Russian Broker Over Stolen Cyber Tools

Cybersecurity – The United States has announced sanctions against a Russian cyber broker and related entities accused of trafficking in stolen American digital tools, marking the first use of a relatively new federal law designed to safeguard US intellectual property.

The measures focus on Russian national Sergey Sergeyevich Zelenyuk and his firm, Operation Zero. The action comes alongside a separate criminal case involving Australian citizen Peter Williams, who admitted last year to stealing proprietary cyber tools from a US company and selling them to Operation Zero.

First Use of Intellectual Property Protection Law

The Department of State confirmed it had imposed sanctions on one individual and two entities under the Protecting American Intellectual Property Act (PAIPA). Officials said the action was taken in connection with the theft of trade secrets belonging to US individuals and organizations. It represents the first time authorities have applied sanctions under this law, with parallel steps taken by the Treasury Department.

In a statement issued on February 24, Principal Deputy Spokesperson Tommy Pigott said that the theft of trade secrets, particularly in emerging and sensitive technology sectors, presents a serious risk to national security and economic growth. He noted that such activity damages American companies, undermines jobs and investment, and results in billions of dollars in annual losses for US industry.

Treasury Targets Broker and Network

At the same time, the Treasury Department’s Office of Foreign Assets Control designated Zelenyuk and Matrix LLC, which operates under the name Operation Zero. Five additional associated individuals and entities were also included in the sanctions.

According to Treasury officials, Zelenyuk and his network specialize in the trade of so-called exploits — code designed to take advantage of software vulnerabilities in order to gain unauthorized access to devices or systems. Authorities allege that Operation Zero obtained at least eight proprietary cyber tools originally developed exclusively for use by the US government and certain allied partners. These tools were reportedly stolen from a US company and later transferred to at least one unauthorized buyer.

Treasury Secretary Scott Bessent said in a statement that individuals involved in stealing American trade secrets would be held accountable. He added that the department would continue coordinating with other parts of the administration to protect sensitive technologies and reinforce national security safeguards.

Criminal Case Against Former Employee

The sanctions coincide with a criminal investigation led by the Department of Justice and the Federal Bureau of Investigation into Peter Williams, a former employee of the affected US company. Court records show that Williams pleaded guilty on October 29, 2025, to two counts of theft of trade secrets.

Prosecutors stated that between 2022 and 2025, Williams unlawfully copied and transferred proprietary cyber tools, later selling them to Operation Zero. In return, he allegedly received payments amounting to millions of dollars in cryptocurrency.

Officials said the case underscores the financial incentives driving the illicit market for advanced cyber capabilities and the broader risks posed by insider threats within technology firms handling sensitive government-related projects.

Additional Sanctions and Legal Authority

In a related move, the State Department also sanctioned Special Technology Services LLC FZ, a company based in the United Arab Emirates and linked to the network. The action was taken under PAIPA, which authorizes sanctions against individuals or entities that knowingly engage in, or profit from, significant theft of US trade secrets when such activity threatens national security, foreign policy interests, or economic stability.

As a result of the designations, any property or financial interests belonging to the sanctioned individuals and entities within US jurisdiction are blocked. American citizens and businesses are generally prohibited from conducting transactions with them.

Officials described the coordinated measures as part of a broader effort to deter cyber-enabled intellectual property theft and to reinforce protections for sensitive American technologies in an increasingly complex digital threat landscape.