INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Russian Exploit Broker Sanctioned for Zero-Day Theft

2026-02-25 19:29 CRITICAL LOW
Executive Summary AI-generated
The US government has launched a crackdown on a global network accused of stealing and selling sensitive cyber tools used for national security. The operation, code-named "Cost of Betrayal," targets Sergey Zelenyuk and his Russian firm Matrix LLC, better known as Operation Zero. The stolen tools were created for exclusive use by the US government and its allies. The Department of Justice has announced that Zelenyuk will face sentencing after using his senior position at a US defence contractor to auction off these capabilities to a Russian bidder for personal gain. The court also ordered Zelenyuk to give up $1.3 million, cryptocurrency, and luxury items. The case involves the theft of eight proprietary cyber tools used for national security purposes.
The Treasury Department also names several individuals and companies tied to the Russian broker, including Zelenyuk's assistant Marina Vasanovich and a UAE-based firm, Special Technology Services. The operation involves several key players, including Mamashoyev, linked to Advance Security Solutions in the UAE and Uzbekistan. The designations include Zelenyuk himself, who has been linked to Operation Zero since 2021. Investigation revealed that Zelenyuk had been running this operation since 2021, offering millions of pounds in rewards to hackers who can find weaknesses in American software and encrypted messaging apps. Secretary of the Treasury Scott Bessent has stated that "if you steal US trade secrets, we will hold you accountable." The operation is part of a broader effort by the US government to combat cybercrime and protect national security.
The case highlights the importance of cybersecurity and the need for individuals and companies to take responsibility for protecting sensitive information. It also underscores the consequences of stealing or selling cyber tools, which can have significant impacts on national security and economic stability.
Technical Mitigations AI-generated
* Implement secure coding practices: Companies should ensure that their code is thoroughly reviewed and audited to detect potential vulnerabilities, including those that could be exploited as zero-days. This can be achieved by using static analysis tools, code reviews, and penetration testing.
* Use robust encryption methods: Encrypting sensitive data both at rest and in transit can help protect against unauthorized access. Consider using encryption solutions like SSL/TLS for data in transit, together with secure key management systems, to ensure the confidentiality of data.
* Regularly update software and dependencies: Keeping software and dependencies up to date with the latest security patches can help prevent exploitation of known vulnerabilities. This is especially important for critical infrastructure, such as operating systems and web applications.
* Implement a robust incident response plan: Establishing an incident response plan can help organizations quickly respond to and contain potential breaches. This should include procedures for identifying, containing, and mitigating security incidents.
* Use secure communication protocols: When communicating with external parties, companies should use secure communication protocols like HTTPS or SFTP to protect data in transit. Additionally, consider using encryption when transmitting sensitive information over public networks.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation Zero
Target & Sectors
CENTRAL_ASIA NORTH_AMERICA government defense technology
Incident Timeline
October 2025
The US Treasury sanctioned a Russian exploit broker and its associates, including Mamashoyev linked to Advance Security Solutions.
organisation Global Associates
organisation The US Treasury’s
financial $1.3 court
organisation Marina Evgenyevna Vasanovich
organisation Special Technology Services
organisation STS
organisation Advance Security Solutions
organisation Protecting American Intellectual Property Act
29 October 2025
Williams used stolen US cyber tools to target Russian exploit brokers.
source_region Australia
Tuesday, February 24
The US Department of the Treasury placed sanctions on Sergey Zelenyuk and his Russian firm Matrix LLC.
target_region Russian Federation
campaign Operation Zero
organisation the Department of the Treasury
organisation LLC
February 24th
The US Department of Justice announced the sentencing of a Russian expatriate who used his senior position at a US defence contractor to auction off stolen US cyber tools.
source_region United States
target_region Russian Federation
organisation The Department of Justice
2026-02-25
Russian exploit broker Special Technology Services LLC was sanctioned by the US Treasury Department for buying stolen zero-day exploits from a former executive of L3Harris.
organisation The U.S. Treasury Department
organisation Matrix LLC
organisation Zelenyuk
organisation Advance Security Solutions
organisation Special Technology Services LLC
organisation the Department of the Treasury
organisation The Treasury Department’s
organisation The Cost of Betrayal
organisation OFAC
organisation the Protecting American Intellectual Property Act
organisation Modern
organisation Tines
Tactical Metrics
Metrics
financial
1,300,000
Court
Intelligence Sources