US Treasury Department Punishes Russian Merchant for Exploiting Crypto Cyber ​​Theft

The US Treasury Department has sanctioned a network of Russian vendors accused of buying stolen US government cyber tools in crypto and selling them to unauthorized buyers, marking the first use of new authorities under the US Intellectual Property Protection Act.

In an announcement on Tuesday, the Treasury’s Office of Foreign Assets Control designated a Russian, Sergey Sergeyevich Zelenyuk, and his company, Operation Zero, as well as several associates and related firms.

The act blocks any property or interests in the territory of designated parties that fall under US jurisdiction and prohibits US persons from using them.

The treasurer says that Zelenyuk, who works in St. Petersburg, created a business that finds and sells “exploits” – tools that take advantage of software vulnerabilities to gain unauthorized access to systems or extract data.

Among the assets recovered by Operation Zero were at least eight proprietary cyber tools developed by a US defense contractor for the exclusive use of the US government and select partners.

Those tools were stolen by Peter Williams, who is from Australia and was a contractor’s employee.

According to the Department of Justice, Williams stole trade secrets between 2022 and 2025 and sold them to Operation Zero for millions of dollars in cryptocurrency.

In October 2025, he pleaded guilty to two counts of theft of trade secrets following an investigation by the Department of Justice and the Federal Bureau of Investigation.

Scott Bessent: We’re going to prosecute you for stealing trade secrets

Treasury Secretary Scott Bessent said the positions reflect a broader effort to protect America’s sensitive intellectual property and protect national security.

“If you steal American trade secrets, we will arrest you,” Bessent said.

The sanctions were issued pursuant to Executive Order 13694, as amended, which targets malicious cyber-enabled activities that threaten US national security, foreign policy, or economic stability.

In parallel, the State Department imposed sanctions under the Protecting American Intellectual Property Act, a law that provides penalties for foreign actors who engage in or benefit from the theft of important US trade secrets when the conduct poses a national security or economic threat. Zelenyuk and Operation Zero were the first people authorized under that law.

The treasury also named several associates connected to the network, including Marina Evgenyevna Vasanovich, described as Zelenyuk’s aide, and Special Technology Services LLC FZ, a United Arab Emirates-based technology company controlled by Zelenyuk.

Two additional people, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, were punished for providing material assistance. The Treasury identified Kucherov as a suspected member of the Trickbot cybercrime group, a malware program linked to ransomware attacks against US government agencies and healthcare providers.

Operation Zero advertised multi-million dollar crypto deals with profits mostly targeting the US’s most widely used operating systems and encrypted messaging platforms. The Treasury said the company did not disclose the vulnerabilities found to affected software companies and instead sought to sell them to customers in non-NATO countries, including foreign intelligence services.

While the Treasury said that crypto facilitates the transaction of stolen instruments, it did not publish specific crypto wallet addresses or put names specific to the blockchain.