Russian nationals sanctioned for stealing and selling U.S. government hacking tools

The U.S. treasury has designated six Russia-linked individuals and entities for stealing and distributing proprietary hacking tools developed exclusively for use by U.S. government agencies.

 

The Department of the Treasury’s Office of Foreign Assets Control said it designated Sergey Sergeyevich Zelenyuk, his company Matrix LLC, which operates as Operation Zero, along with five other individuals and entities for gaining access to and distributing cutting-edge hacking tools which were developed for the exclusive use of the U.S. government and select allies.

 

The designated individuals and entities stole the hacking tools from a U.S. company, and the stolen tools included "at least eight proprietary cyber tools," the treasury said. The theft was enabled by Australian national Peter Williams who was a former general manager at the said U.S. company, which is also a defence contractor. 

 

Williams pleaded guilty on October 29, 2025, on two counts of theft of trade secrets over a three-year period. "Williams sold the trade secrets to a Russian cyber-tools broker that publicly advertises itself as a reseller of cyber exploits to various customers, including the Russian government," the Department of Justice said.

 

Williams faces up to twenty years in prison and a fine of up to $250,000 or twice the pecuniary gain or loss of the offence. "His conduct was deliberate and deceitful, imperiling our national security for the sake of personal gain," said Assistant Attorney General for National Security John A. Eisenberg.

 

According to the Treasury, Zelenyuk used his St. Petersburg, Russia-headquartered company since at least 2021 to acquire cutting-edge hacking tools and paid millions in bounties to cyber security researchers worldwide to develop exploits for widely-used U.S.-built operating systems, software and encrypted messaging applications. 

 

Zelenyuk and his accomplices then sold the hacking tools and exploits to foreign intelligence agencies and malicious actors based in non-NATO countries who used them to mount ransomware attacks or engage in other malign activities.   

 

"Zelenyuk and Operation Zero have also sought to develop other cyber intelligence systems, including spyware and methods to extract personal identifying information and other sensitive data uploaded by users of artificial intelligence applications like large language models," the Treasury said. "Operation Zero has sought to recruit hackers to support its activities and develop business relationships with foreign intelligence agencies through use of social media."

 

Aside from Zelenyuk and Operation Zero, the Treasury also sanctioned Marina Vasanovich, Zelenyuk’s assistant, UAE-based technology company STS controlled by Zelenyuk, Russian nationals Oleg Kucherov and Azizjon Mamashoyev, members of the Trickbot cybercrime gang, and exploit brokerage firm Advance Security Solutions. Mamashoyev set up Advance Security Solutions as an offensive cyber security company with operations in the UAE and Uzbekistan.  

 

"If you steal U.S. trade secrets, we will hold you accountable. Treasury will continue to work alongside the rest of the Trump Administration to protect sensitive American intellectual property and safeguard our national security," said Secretary of the Treasury Scott Bessent.