Treasury sanctions Russian zero-day broker accused of buying exploits stolen from U.S. defense contractor

The U.S. government announced sanctions on Tuesday against two companies that acquire and resell zero-day exploits, along with their founders and associates. Officials with the U.S. Treasury stated that these sanctions target brokers of zero-days, which are security vulnerabilities that are unknown to software developers but can be used to hack people. The government views these brokers as a threat to U.S. national security, foreign policy, and the economy.

The first sanctioned company is Operation Zero, a Russian firm launched in 2021. The company gained attention in 2023 when it offered up to $20 million for zero-days in Android devices and iPhones. It later announced offers of up to $4 million for zero-days in Telegram. The company claims to work exclusively with the Russian government and local organizations.

The Treasury’s Office of Foreign Assets Control said that Operation Zero’s customers could use the tools to launch ransomware attacks or engage in other malign activities. The Treasury is also sanctioning the company’s founder, Sergey Zelenyuk. Officials accused Zelenyuk of selling exploits to foreign intelligence agencies and seeking to develop spyware and hacking technologies. The Treasury stated he engaged in recruiting hackers and building relationships with foreign intelligence agencies through social media.

According to the Treasury, Operation Zero acquired at least eight proprietary cyber tools created for the exclusive use of the U.S. government and select allies. These tools were stolen from a U.S. company and then sold to at least one unauthorized user.

The sanctions against Operation Zero and Zelenyuk coincide with an FBI investigation into Peter Williams, a former employee of U.S. defense contractor L3Harris. In October, Williams pleaded guilty to selling at least eight of the company’s exploits to an unspecified Russian broker. The Treasury now confirms that broker was Operation Zero.

Williams was the general manager at Trenchant, which develops hacking and surveillance tools for the U.S. government and its Five Eyes intelligence partners: Australia, Canada, New Zealand, and the United Kingdom.

Alongside the action against Zelenyuk, the U.S. Treasury is sanctioning an affiliate company based in the United Arab Emirates called Special Technology Services. Also sanctioned are Zelenyuk’s assistant, Marina Evgenyevna Vasanovich, and two people associated with the company: Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, who have allegedly worked with Operation Zero.

Operation Zero, Special Technology Services, and Zelenyuk are being sanctioned under a 2022 federal law that allows the U.S. government to impose sanctions on those who commit significant thefts of trade secrets.

The Treasury says Kucherov, a Russian national, is suspected of being a member of the prolific ransomware gang Trickbot, whose alleged members were previously sanctioned by the U.S. and the United Kingdom.

Mamashoyev is allegedly the founder of Advance Security Solutions, another zero-day broker based in the UAE, which was also sanctioned today. Advance Security Solutions launched last year, offering up to $20 million for zero-days that could hack any smartphone via a text message. The broker also offered high-paying bounties for hacking tools in popular software and hardware like Android devices, iPhones, Windows, and Chrome.

Operation Zero and Zelenyuk did not respond to a request for comment. Kucherov, Mamashoyev, and Vasanovich could not be immediately reached. When contacted, a person operating an Advance Security Solutions chat account claimed without evidence that Mamashoyev is not the founder of the company.