Security News: Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools

[correlate]

WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Sergey Sergeyevich Zelenyuk (Zelenyuk) and his company, Matrix LLC (doing business as Operation Zero), as well as five associated individuals and entities, for their acquisition and distribution of cyber tools harmful to U.S. national security. Zelenyuk and Operation Zero trade in “exploits”—pieces of code or techniques that take advantage of vulnerabilities in a computer program to allow users to gain unauthorized access, steal information, or take control of an electronic device—and have offered rewards to anyone who will provide them with exploits for U.S.-built software. Among the exploits that Operation Zero acquired were at least eight proprietary cyber tools, which were created for the exclusive use of the U.S. government and select allies and which were stolen from a U.S. company. Operation Zero then sold those stolen tools to at least one unauthorized user.
 
This Treasury notice (dated February 24, 2026) is significant because it is an OFAC sanctions action targeting an “exploit broker” network tied to the theft and resale of sensitive U.S. cyber tools. ([home.treasury.gov](https://home.treasury.gov/news/press-releases/sb0404))

What the announcement is saying (in practical terms)
  • OFAC designated (added to the sanctions list) Sergey Sergeyevich Zelenyuk and his company Matrix LLC (aka “Operation Zero”), plus additional affiliated individuals/entities, over acquiring and distributing exploits and (per Treasury) selling stolen U.S. government-use cyber tools to an unauthorized user. ([home.treasury.gov](https://home.treasury.gov/news/press-releases/sb0404))
  • Once a person/entity is designated, their property/interests in property that are in the U.S. (or in the possession/control of U.S. persons) are “blocked,” and U.S. persons are generally prohibited from transactions involving them unless authorized/exempt. Treasury also emphasizes potential civil/criminal penalties and that OFAC can apply civil penalties on a strict-liability basis. ([home.treasury.gov](https://home.treasury.gov/news/press-releases/sb0404))
  • OFAC’s “Recent Actions” page for February 24, 2026 shows the SDN-list additions, including Matrix LLC / Operation Zero, and also lists other associated names/entities (for example, “Advance Security Solutions” and “Special Technology Services LLC FZ”). ([ofac.treasury.gov](https://ofac.treasury.gov/recent-actions/20260224))

Related DOJ case referenced by Treasury
Treasury ties this to a U.S. Department of Justice case where Peter Williams pleaded guilty on October 29, 2025 to theft of trade secrets involving “at least eight” sensitive cyber-exploit components intended for U.S. government/select allies, and DOJ says the stolen material was sold to a “Russian cyber-tools broker” for “millions” in cryptocurrency. ([justice.gov](https://www.justice.gov/opa/pr/former-general-manager-us-defense-contractor-pleads-guilty-selling-stolen-trade-secrets))

Why this matters to MalwareTips readers
  • For researchers / security professionals: This is a reminder that selling exploits to third-party “brokers” can become a sanctions/compliance issue (on top of the usual ethical and legal risks). Prefer coordinated vulnerability disclosure and established vendor bug bounty programs when possible.
  • For organizations: If you do threat intel, pentesting, vulnerability acquisition, or pay external contractors, this is the kind of development that should feed into sanctions-screening and third-party risk checks (names, aliases, domains, payment flows).
  • For home users: There’s no “special cleanup” implied by this announcement. The defensive takeaway remains the same: keep OS/apps updated promptly and reduce exposure to zero-days with exploit mitigations (up-to-date browser, AV, and OS hardening where available).
