The U.S. Treasury Department on Tuesday sanctioned a Russian cyber-tools broker, Operation Zero, and its key individual, Sergey Sergeyevich Zelenyuk, for facilitating the purchase and resale of stolen U.S. technology using cryptocurrency. The sanctions stem from the acquisition of highly sensitive cyber exploits originally stolen by a former L3Harris employee, Peter Williams, an Australian national.
According to the Treasury Department, Operation Zero actively solicits hackers and attempts to cultivate relationships with foreign intelligence services through social media. The tools brokered by Zelenyuk and his company are designed to exploit previously unknown vulnerabilities – known as “zero-day” exploits – in software, providing powerful offensive capabilities to those who acquire them.
Williams, who previously served as general manager of Trenchant, a division of L3Harris specializing in surveillance and hacking tools, pleaded guilty last year to stealing and selling these trade secrets. Between 2022 and July 2025, he illicitly transferred eight such exploits from the company’s highly secured network, utilizing a portable external hard drive to move the data from offices in Sydney, Australia, and Washington, D.C., to a personal device. Despite the exploits being potentially worth $35 million, Williams received only $1.3 million in cryptocurrency for their sale.
The court documents reveal Williams possessed “super-user” access to Trenchant’s internal network, granting him full visibility into the company’s security tools and trade secrets. This access, coupled with his tenure at the company, allowed him to bypass multi-factor authentication and other security measures. The stolen exploits were then sold to Operation Zero, which subsequently resold them to an undisclosed clientele.
Treasury Secretary Scott Bessent stated the department will “continue to function with other parts of the Trump Administration to protect sensitive U.S. intellectual property and safeguard our national security.” The sanctions against Zelenyuk and Operation Zero mark the first time individuals have been sanctioned under the Protecting American Intellectual Property Act, according to the Treasury Department.
The Office of Foreign Assets Control (OFAC) sanctions effectively prohibit U.S. persons from engaging in any transactions with the sanctioned entities or individuals. The Treasury Department noted the use of cryptocurrency in the transactions, though it did not specify particular cryptocurrency addresses associated with the illicit activity. A recent report by TRM Labs indicated a surge in criminal use of cryptocurrency following a period of decline, though no direct link to the Operation Zero case was established.
The FBI investigation into Peter Williams remains ongoing, and the full extent of the damage caused by the stolen exploits is still being assessed. The U.S. government has not yet publicly disclosed the specific software vulnerabilities compromised by the theft, nor has it detailed the potential impact on national security.