The U.S. Treasury has taken significant action by imposing sanctions on two companies involved in the acquisition and resale of zero-day exploits, alongside their founders and associates. This decision reflects growing concerns over the potential threats these brokers pose to national security, foreign policy, and the economy.
Among those sanctioned is Operation Zero, a Russian enterprise established in 2021. The company gained notoriety in 2023 for its offer of up to $20 million for zero-day vulnerabilities in Android and iPhone devices, and later announced a bounty of $4 million for exploits related to Telegram. Operation Zero claims to exclusively collaborate with the Russian government and local organizations.
The Treasury's Office of Foreign Assets Control (OFAC) has stated that Operation Zero's tools could facilitate ransomware attacks or other harmful activities. The founder, Sergey Zelenyuk, has been accused of selling exploits to foreign intelligence entities and attempting to develop spyware and hacking technologies. Reports indicate he has actively recruited hackers and established connections with foreign agencies using social media platforms.
According to the Treasury, Operation Zero has acquired at least eight proprietary cyber tools originally developed for U.S. government use, which were subsequently stolen from a U.S. company and sold to unauthorized users.
The sanctions align with an ongoing FBI investigation into Peter Williams, a former employee of U.S. defense contractor L3Harris, who recently pleaded guilty to selling multiple exploits to an unnamed Russian broker, later identified as Operation Zero.
In addition to Zelenyuk, the Treasury has also sanctioned an affiliate company based in the UAE, Special Technology Services, along with Zelenyuk's assistant, Marina Evgenyevna Vasanovich, and two associates, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, who are alleged to have collaborated with Operation Zero.
These sanctions are imposed under a 2022 federal law that permits the U.S. government to penalize individuals involved in significant thefts of trade secrets. Kucherov is suspected of connections to the notorious Trickbot ransomware group, previously sanctioned by both U.S. and UK authorities.
Mamashoyev is reportedly the founder of Advance Security Solutions, another zero-day broker based in the UAE, which was also sanctioned. This company recently emerged, offering substantial rewards for hacking tools across various platforms, including smartphones and operating systems.
Operation Zero and its affiliates have not commented on the sanctions. The case highlights the ongoing challenges in cybersecurity and the fight against digital exploitation.