The U.S. Treasury Department and the U.S. Department of State imposed sanctions on a Russian national and his firm for allegedly acquiring and selling stolen cyber tools originally developed for the U.S. government, officials announced Tuesday.
The Office of Foreign Assets Control (OFAC) sanctioned Sergey Sergeyevich Zelenyuk and Matrix LLC, doing business as Operation Zero, as well as five related individuals and entities. The firm traded in stolen information and technology that has the potential to undermine national security, according to a Treasury Department statement.
“If you steal U.S. trade secrets, we will hold you accountable,” Secretary of the Treasury Scott Bessent said in a statement. “Treasury will continue to work alongside the rest of the Trump Administration to protect sensitive American intellectual property and safeguard our national security.”
Treasury officials allege Operation Zero acquired at least eight specialized cyber tools—designed for the U.S. government and select allies—that were stolen from a U.S. company.Operation Zero restricted sales to non-NATO nations. It also pursued partnerships with foreign intelligence services on social media. The company also allegedly considered developing its own spyware and techniques to skim data from AI platforms.
The Treasury Department also designated Oleg Vyacheslavovich Kucherov, whom it suspects of involvement with the Trickbot cybercrime group, which was previously sanctioned by OFAC in 2023 due to malware enabling ransomware deployed against U.S. entities, such as government and health care facilities.
The sanctions use a new tool at the disposal of the U.S. Treasury, namely, Executive Orders 13694 and 14306, which specifically address malicious cyber operations against the United States.
Simultaneously, the Department of State sanctioned Zelenyuk, Operation Zero, and an affiliated United Arab Emirates company, Special Technology Services LLC FZ (STS), under the Protecting American Intellectual Property Act (PAIPA).
The case is unfolding as the Justice Department and FBI investigate Peter Williams, an Australian former employee of the U.S. company from whom the tools were stolen.
Williams pleaded guilty on Oct. 29, 2025, to two counts of trade secret theft. He admitted to stealing tools over three years and selling them to Operation Zero. He earned millions in cryptocurrency.
“America’s national security is NOT FOR SALE, especially in an evolving threat landscape where cybercrime poses a serious danger to our citizens,” Attorney General Pam Bondi said at the time. “Thank you to all the attorneys who worked so hard to secure this guilty plea.”
The sanctions dictate that transactions involving all U.S.-held property of the sanctioned parties are blocked. Entities owned 50 percent or more by sanctioned individuals face similar restrictions.
U.S. citizens are also blocked from transactions involving these assets, with violations risking civil or criminal penalties. OFAC notes that sanctions are designed to encourage behavioral change. Individuals and firms placed on the sanctions list may be removed from the list if they comply with specified requirements.
