U.S. Sanctions Russian Exploit Broker Network for Trafficking Stolen Cyber Tools
On February 24, 2026, the U.S. Department of the Treasury imposed sanctions on a Russian-based exploit broker network accused of stealing and selling sensitive cyber tools developed for national security. The primary target, Sergey Sergeyevich Zelenyuk and his firm Matrix LLC (Operation Zero), were designated under the Protecting American Intellectual Property Act (PIPA) the first-ever use of the law.
Operation Zero, active since 2021, operated as an exploit broker, paying hackers millions to uncover vulnerabilities in U.S. software and encrypted messaging apps. The group acquired eight proprietary cyber tools from Peter Williams, a 39-year-old Australian national and former senior employee at a U.S. defense contractor. Williams pleaded guilty in October 2025 to stealing the tools, which were intended for exclusive government use, and selling them to Operation Zero for cryptocurrency. He was sentenced to 87 months in prison and ordered to forfeit $1.3 million, luxury assets, and a house.
The Treasury Department revealed that Operation Zero resold the stolen tools to unauthorized buyers and explored AI-driven methods to extract private data. The sanctions also extended to key associates, including Marina Evgenyevna Vasanovich (Zelenyuk’s assistant), Azizjon Makhmudovich Mamashoyev (linked to UAE-based Advance Security Solutions), and Oleg Vyacheslavovich Kucherov, a suspected member of the Trickbot cybercrime gang. A UAE-based firm, Special Technology Services (STS), was also named in the operation.
The sanctions freeze the group’s assets and block their access to the global financial system, reinforcing the U.S. government’s stance against intellectual property theft. Treasury Secretary Scott Bessent emphasized accountability, stating, “If you steal U.S. trade secrets, we will hold you accountable.”
Source: https://hackread.com/us-sanctions-russian-exploit-broker-us-cyber-tools/
Bureau of Industry and Security, U.S. Department of Commerce cybersecurity rating report: https://www.rankiteo.com/company/bureau-of-industry-and-security-u.s.-department-of-commerce
Matrix, LLC cybersecurity rating report: https://www.rankiteo.com/company/matrix-llc
"id": "BURMAT1772051599",
"linkid": "bureau-of-industry-and-security-u.s.-department-of-commerce, matrix-llc",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'industry': 'Defense/National Security',
'location': 'United States',
'name': 'U.S. Government',
'type': 'Government'},
{'industry': 'Cybercrime/Exploit Brokerage',
'location': 'Russia',
'name': 'Matrix LLC (Operation Zero)',
'type': 'Private Company'},
{'industry': 'Cybersecurity',
'location': 'UAE',
'name': 'Advance Security Solutions',
'type': 'Private Company'},
{'industry': 'Cybersecurity',
'location': 'UAE',
'name': 'Special Technology Services (STS)',
'type': 'Private Company'}],
'attack_vector': 'Insider Threat, Exploit Acquisition, Dark Web Sales',
'data_breach': {'data_exfiltration': 'Yes (sold to unauthorized buyers)',
'sensitivity_of_data': 'High (government-use only)',
'type_of_data_compromised': 'Proprietary cyber tools, '
'national security-related '
'software'},
'date_publicly_disclosed': '2026-02-24',
'description': 'On February 24, 2026, the U.S. Department of the Treasury '
'imposed sanctions on a Russian-based exploit broker network '
'accused of stealing and selling sensitive cyber tools '
'developed for national security. The primary targets, Sergey '
'Sergeyevich Zelenyuk and his firm Matrix LLC (Operation '
'Zero), were designated under the Protecting American '
'Intellectual Property Act (PIPA), the first-ever use of the '
'law. Operation Zero resold the stolen tools to unauthorized '
'buyers and explored AI-driven methods to extract private '
'data.',
'impact': {'data_compromised': 'Eight proprietary cyber tools developed for '
'U.S. national security',
'financial_loss': '$1.3 million (forfeited by Peter Williams)',
'legal_liabilities': 'Sanctions imposed under PIPA, criminal '
'charges against Peter Williams'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (to Operation Zero '
'and unauthorized buyers)',
'entry_point': 'Insider threat (Peter Williams, '
'former U.S. defense contractor '
'employee)',
'high_value_targets': 'U.S. national security cyber '
'tools'},
'investigation_status': 'Ongoing (sanctions imposed, criminal case concluded '
'for Peter Williams)',
'motivation': ['Financial Gain',
'Cyber Espionage',
'Intellectual Property Theft'],
'post_incident_analysis': {'corrective_actions': 'Sanctions, asset freezing, '
'criminal prosecution, '
'enhanced insider threat '
'detection',
'root_causes': 'Insider threat, lack of safeguards '
'for proprietary cyber tools, '
'exploitation by foreign exploit '
'brokers'},
'references': [{'date_accessed': '2026-02-24',
'source': 'U.S. Department of the Treasury'}],
'regulatory_compliance': {'legal_actions': ['Sanctions imposed',
'Criminal charges against Peter '
'Williams'],
'regulations_violated': ['Protecting American '
'Intellectual Property Act '
'(PIPA)'],
'regulatory_notifications': 'U.S. Treasury public '
'disclosure'},
'response': {'communication_strategy': 'Public disclosure by U.S. Treasury, '
'press statements',
'containment_measures': 'Sanctions imposed, asset freezing',
'law_enforcement_notified': 'Yes (U.S. Department of the '
'Treasury, DOJ)'},
'stakeholder_advisories': 'U.S. government warnings to entities dealing with '
'exploit brokers and insider threats',
'threat_actor': ['Sergey Sergeyevich Zelenyuk',
'Matrix LLC (Operation Zero)',
'Peter Williams',
'Marina Evgenyevna Vasanovich',
'Azizjon Makhmudovich Mamashoyev',
'Oleg Vyacheslavovich Kucherov',
'Advance Security Solutions',
'Special Technology Services (STS)',
'Trickbot cybercrime gang'],
'title': 'U.S. Sanctions Russian Exploit Broker Network for Trafficking '
'Stolen Cyber Tools',
'type': 'Cyber Espionage, Intellectual Property Theft, Exploit Brokerage'}