The U.S. Department of the Treasury has imposed sanctions on a Russian exploit brokerage network accused of buying and selling stolen American cyber tools using cryptocurrency, its first action under the new Protecting American Intellectual Property Act.

Treasury’s Office of Foreign Assets Control designated Russian national Sergey Sergeyevich Zelenyuk, his company Operation Zero and several associated individuals and firms.

The sanctions block any property or financial interests of those designated that fall under U.S. jurisdiction and prohibit Americans from transacting with them.

Authorities say Zelenyuk ran his business from St. Petersburg and specialised in trading “exploits,” software tools that take advantage of vulnerabilities to access systems or extract sensitive data.

Among the tools traded were at least eight proprietary cyber capabilities created for exclusive use by the U.S. government and its allies before they were stolen.

The tools were stolen by Peter Williams, an Australian national and former employee of a U.S. defence contractor. The U.S. Department of Justice said Williams pleaded guilty in October 2025 to two counts of theft of trade secrets, admitting he sold the stolen software components to a Russian broker in exchange for millions of dollars in cryptocurrency.

Treasury Secretary Scott Bessent said the sanctions reflect a broad commitment to protecting American intellectual property and national security. “If you steal U.S. trade secrets, we will hold you accountable,” he said, emphasising that offenders could not operate with impunity.

The sanctions were imposed under Executive Order 13694, targeting cyber‑enabled activities that threaten U.S. national security, foreign policy or economic stability.

Simultaneously, the State Department applied penalties under the Protecting American Intellectual Property Act, with Zelenyuk and Operation Zero as the first individuals sanctioned under that statute.

Also sanctioned were Marina Evgenyevna Vasanovich, identified as Zelenyuk’s assistant; Special Technology Services LLC FZ, a UAE‑based technology firm under his control; Azizjon Makhmudovich Mamashoyev; and Oleg Vyacheslavovich Kucherov, who was separately linked by U.S. officials to the Trickbot cybercrime group, known for ransomware attacks on U.S. agencies and healthcare providers.

Treasury officials noted that Operation Zero advertised millions of dollars in cryptocurrency bounties for exploits targeting widely used U.S.‑built operating systems and encrypted messaging platforms.

Rather than disclose vulnerabilities to affected companies, the firm reportedly sold them to foreign buyers, including intelligence services in non‑NATO countries.

While cryptocurrency facilitated the transactions, Treasury confirmed that it did not publicly designate any specific wallet addresses or impose blockchain‑level sanctions as part of this action.