On Tuesday, the U.S. government announced sanctions against two companies that acquire and resell zero-day exploits, along with their founders and associates. Officials from the U.S. Treasury told TechCrunch that these sanctions target brokers of zero-days, which are security vulnerabilities unknown to the software developer but can be abused to hack people. The government stated these brokers pose a threat to U.S. national security, foreign policy, and economy.
The first sanctioned company is Operation Zero, a Russian firm launched in 2021. The company gained attention in 2023 when it announced it was offering up to $20 million for zero-days in Android devices and iPhones. It later announced offers of up to $4 million for zero-days in Telegram. The company claims to work exclusively with the Russian government and local organizations.
The Treasury’s Office of Foreign Assets Control said that Operation Zero’s customers could use the tools to launch ransomware attacks or engage in other malign activities. The Treasury is also sanctioning the company’s founder, Sergey Zelenyuk. Officials accused him of selling exploits to foreign intelligence agencies and seeking to develop spyware and hacking technologies. The Treasury stated Zelenyuk engaged in recruiting hackers and developing relationships with foreign intelligence agencies through social media.
According to the Treasury, Operation Zero acquired at least eight proprietary cyber tools created for the exclusive use of the U.S. government and select allies, which were stolen from a U.S. company. The company then sold those stolen tools to at least one unauthorized user.
The sanctions against Operation Zero and Zelenyuk coincide with an FBI investigation into Peter Williams, who worked for U.S. defense contractor L3Harris. In October, Williams pleaded guilty to selling at least eight of the company’s exploits to an unspecified Russian broker. The Treasury now confirms that broker was Operation Zero.
Williams was the general manager at Trenchant, which develops hacking and surveillance tools for the U.S. government and some of its top intelligence partners, including Australia, Canada, New Zealand, and the United Kingdom—the so-called alliance of Five Eyes countries.
Along with taking action against Zelenyuk, the U.S. Treasury is sanctioning an affiliate company based in the United Arab Emirates called Special Technology Services, as well as Zelenyuk’s assistant, Marina Evgenyevna Vasanovich, and two people associated with the company, Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov, who have allegedly worked with Operation Zero.
Operation Zero, Special Technology Services, and Zelenyuk are being sanctioned in parallel under a 2022 federal law that allows the U.S. government to impose sanctions on someone who committed significant thefts of trade secrets.
The Treasury says Kucherov, a Russian national, is suspected of being a member of the prolific ransomware gang TrickBot, whose alleged members were previously sanctioned by the U.S. and the United Kingdom.
Mamashoyev is allegedly the founder of Advance Security Solutions, another zero-day broker based in the UAE, which was also sanctioned today. Advance Security Solutions launched last year, offering up to $20 million for zero-days that could help hack into any type of smartphone with a text message. The broker also offered high-paying bounties for hacking tools in popular software and hardware like Android devices, iPhones, Windows, and Chrome.
Operation Zero and Zelenyuk did not respond to a request for comment. Kucherov, Mamashoyev, and Vasanovich could not be immediately reached for comment. When contacted by TechCrunch, a person operating an Advance Security Solutions’ chat account claimed without evidence that Mamashoyev is not the founder of the company. The Treasury did not respond to a series of questions related to today’s sanctions.