The US government announced on Tuesday sanctions on two companies that acquire and resell zero-day exploits, as well as sanctions on their founders and associates.
U.S. Treasury officials told TechCrunch that the government imposed sanctions against brokers of zero-days — security vulnerabilities in software that are unknown to its developer but can be used to hack people — because they pose a threat to U.S. national security, foreign policy and the economy.
The first company to be sanctioned is Operation Zero, a Russian company that started in 2021. The company made headlines in 2023 when it announced that it was offering up to $20 million for zero-days on Android and iPhone devices, and later announced that it was offering up to $4 million for zero-days on Telegram. The company claims to work exclusively with the Russian government and local organizations.
The Treasury Department’s Office of Foreign Assets Control (OFAC) said Operation Zero customers “could use the tools to launch ransomware attacks or engage in other malicious activities.”
The Treasury Department said it is also sanctioning the company’s founder, Sergey Zelenyuk, whom officials have accused of selling holdings to foreign intelligence agencies and who they say tried to develop spyware and hacking technologies. The Treasury Department said Zelenyuk was involved in recruiting hackers and developing relationships with foreign intelligence services through social media. (Zero Mode has accounts on both X and Telegram.)
According to the Treasury Department, Operation Zero acquired “at least eight proprietary cyber tools, which were created for the exclusive use of the US government and select allies, and which were stolen from a US company” and then “sold these stolen tools to at least one unauthorized user.”
The Treasury Department said the sanctions against Operation Zero and Zelenyuk coincided with an FBI investigation into Peter Williams, who worked for US defense contractor L3Harris. In October, Williams pleaded guilty to selling at least eight of the company’s assets to an unspecified Russian broker.
The Treasury now says the broker was Operation Zero, something the government had not previously confirmed.
Contact us
Do you have more information about Operation Zero? Or the market for zero-days? We would love to hear from you. From a non-work device, Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email.
Williams was the managing director of Trenchant, which develops hacking and surveillance tools for the US government and some of its top intelligence partners, including Australia, Canada, New Zealand and the UK – the so-called Five Eyes alliance of countries.
The Treasury Department did not respond to a series of questions related to today’s sanctions.
Along with taking action against Zelenyuk, the U.S. Treasury Department is imposing sanctions on a subsidiary company based in the United Arab Emirates called Special Technology Services, as well as Zelenyuk’s assistant, Marina Evgenyevna Vasanovich, and two people associated with the company, Azizjon Makhmudovich Mamashoyev and Oleg Kucherov, who worked with Operation Zero.
Operation Zero, Special Technology Services and Zelenyuk are also subject to sanctions under a 2022 federal law that allows the US government to sanction someone who has committed “significant theft of trade secrets,” according to the Treasury Department.
The Treasury Department says Kucherov, a Russian national, is suspected of being a member of the prolific TrickBot ransomware gang, whose alleged members have previously been sanctioned by the US and UK.
Mamashoyev is said to be the founder of Advance Security Solutions, another UAE-based zero-day broker that was also sanctioned today.
Advance Security Solutions launched last year, offering up to $20 million for zero-days that could help hack any type of smartphone with a text message. The broker also offered high-paying bounties for hacking tools on popular software and hardware such as Android, iPhone, Windows and Chrome devices.
Operation Zero and Zelenyuk did not respond to a request for comment. Kucherov, Mamashoyev and Vasanovich could not immediately be reached for comment.
When contacted by TechCrunch, a person managing an Advance Security Solutions chat account claimed without evidence that Mamashoyev is not the company’s founder.
