US sanctions Russian broker for buying stolen zero-day exploits

The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor.

The Department’s Office of Foreign Assets Control (OFAC) designated Matrix LLC (doing business as Operation Zero and headquartered in St. Petersburg, Russia) on Tuesday, along with its owner, Sergey Sergeyevich Zelenyuk, and five associated individuals and companies.

OFAC designated the targets under the Protecting American Intellectual Property Act (PAIPA), a law aimed specifically at intellectual property theft by foreign adversaries. This is the first time the law has been used since its enactment.


The designations coincide with the sentencing of Peter Williams, a 39-year-old Australian national and former general manager of Trenchant, a cybersecurity unit of U.S. defense contractor L3Harris that develops zero-day exploits and surveillance tools.

Williams was sentenced on Tuesday to 87 months in prison. He pleaded guilty in October to stealing eight zero-day exploits from Trenchant, tools designed exclusively for use by the U.S. government and allied intelligence agencies, and selling them to Operation Zero for approximately $1.3 million in cryptocurrency.

Operation Zero offers bounties worth millions of dollars to security researchers and others who develop or acquire exploits for commonly used software, including U.S.-built operating systems and encrypted messaging applications.

The company, whose clients also include the Russian government, says it’s selling zero-day exploits only to Russian private and government organizations.

“Zelenyuk and Operation Zero trade in ‘exploits’—pieces of code or techniques that take advantage of vulnerabilities in a computer program to allow users to gain unauthorized access, steal information, or take control of an electronic device—and have offered rewards to anyone who will provide them with exploits for U.S.-built software,” the Department of the Treasury said.

“Among the exploits that Operation Zero acquired were at least eight proprietary cyber tools, which were created for the exclusive use of the U.S. government and select allies and which were stolen from a U.S. company. Operation Zero then sold those stolen tools to at least one unauthorized user.”

OFAC also sanctioned Zelenyuk’s UAE-based front company, Special Technology Services LLC, as well as two individuals with prior ties to Operation Zero (including Oleg Vyacheslavovich Kucherov, who is a suspected member of the Trickbot cybercrime gang) and a second exploit brokerage firm, Advance Security Solutions, with operations in the United Arab Emirates and Uzbekistan.

The sanctions freeze all U.S.-held assets belonging to the designated entities and individuals and generally prohibit U.S. businesses and individuals from transacting with them; anyone who does so risks enforcement action or secondary sanctions.
