The U.S. government announced on Tuesday sanctions against two companies involved in acquiring and reselling zero-day exploits, along with sanctions on their founders and associates.
U.S. Treasury officials informed TechCrunch that sanctions were placed on zero-day brokers—these are software vulnerabilities unknown to developers that can be exploited for hacking—because they are considered threats to U.S. national security, foreign policy, and economy.
The first affected entity is Operation Zero, a Russian company established in 2021. It gained attention in 2023 for offering up to $20 million for zero-days in Android devices and iPhones, and later for offering up to $4 million for Telegram zero-days. The company claims to serve only the Russian government and local entities.
The Treasury’s Office of Foreign Assets Control (OFAC) noted that Operation Zero’s clients “could exploit these tools for ransomware attacks or other harmful activities.”
There are also sanctions on the company’s founder, Sergey Zelenyuk, for allegedly selling exploits to foreign intelligence and developing espionage and hacking technologies. He was accused of recruiting hackers and building ties with foreign intelligence via social media. (The company has accounts on X and Telegram.)
Operation Zero reportedly acquired “at least eight proprietary cyber tools intended for U.S. government and selected allies, stolen from a U.S. company,” and then “sold those tools to unauthorized users,” says the Treasury.
The sanctions coincide with an FBI probe into Peter Williams, former employee of U.S. defense contractor L3Harris. Williams pleaded guilty to selling at least eight company exploits to an unspecified Russian broker, now identified as Operation Zero by the Treasury.
Contact Us
Do you have more information about Operation Zero or the zero-day market? We’d like to hear from you. Securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or by email.
Williams was a general manager at Trenchant, which creates hacking and surveillance tools for the U.S. government and key intelligence allies, including the Five Eyes group: the U.S., Australia, Canada, New Zealand, and the United Kingdom.
The Treasury did not answer further queries regarding the sanctions announced today.
In addition to targeting Zelenyuk, the U.S. Treasury is sanctioning an affiliate, Special Technology Services in the UAE; Zelenyuk’s assistant, Marina Evgenyevna Vasanovich; and two associates, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, allegedly involved with Operation Zero.
Operation Zero, Special Technology Services, and Zelenyuk are sanctioned under <a rel="nofollow" href="