US Sanctions Russian Broker Over Stolen Zero-Day Exploits

Summary

– The U.S. Treasury sanctioned Russian exploit broker Operation Zero and its owner, Sergey Zelenyuk, for intellectual property theft under the Protecting American Intellectual Property Act.
– The sanctions target the company and individuals for buying stolen zero-day exploits from a former U.S. defense contractor employee, Peter Williams, who was sentenced to prison.
– Operation Zero acquires and sells hacking tools, offering bounties for exploits targeting U.S.-built software and encrypted messaging applications.
– The stolen tools were proprietary cyber tools created exclusively for the U.S. government and allies, which Operation Zero then sold to unauthorized users.
– The sanctions freeze U.S. assets of the designated entities and prohibit American businesses from transacting with them, risking secondary penalties.

The U.S. Treasury Department has imposed sanctions on a Russian cyber broker and his network for purchasing stolen hacking tools, marking the first use of a key law designed to protect American intellectual property. This action targets Sergey Sergeyevich Zelenyuk and his company, Matrix LLC, which operates under the name Operation Zero. The sanctions were levied under the Protecting American Intellectual Property Act (PAIPA), signaling a new enforcement approach against foreign adversaries engaged in the theft of sensitive technology.

The case is directly linked to the recent sentencing of Peter Williams, a former executive at Trenchant, a cybersecurity unit of U.S. defense contractor L3Harris. Williams admitted to stealing eight highly sensitive zero-day exploits from his employer and selling them to Operation Zero for about $1.3 million in cryptocurrency. These tools were developed exclusively for use by U.S. government and allied intelligence agencies, making their theft a significant national security breach. Williams received an 87-month prison sentence.

Operation Zero functions as a brokerage, offering substantial financial bounties to researchers for the development or acquisition of exploits that target widely used software, including American-made operating systems and encrypted messaging apps. The company claims it sells these capabilities solely to Russian private and government organizations. Treasury officials stated that Operation Zero acquired at least eight proprietary cyber tools stolen from a U.S. firm and subsequently sold them to at least one unauthorized party.

The sanctions extend beyond Zelenyuk and his primary company. The Treasury’s Office of Foreign Assets Control (OFAC) also designated his UAE-based front company, Special Technology Services LLC. Additionally, sanctions were placed on two individuals with prior links to Operation Zero, one of whom is suspected of ties to the Trickbot cybercrime gang, and a second exploit brokerage firm named Advance Security Solutions, which operates in the United Arab Emirates and Uzbekistan.

These designations effectively freeze any U.S. assets held by the sanctioned entities and individuals. They also serve as a stark warning, exposing any American businesses or individuals who engage in transactions with them to potential secondary sanctions or enforcement actions. This move aims to disrupt the financial and operational networks that enable the trade in stolen cyber capabilities.

(Source: Bleeping Computer)
