The US government on Tuesday announced sanctions against two companies that acquire and resell zero-day exploits, as well as their founders and their associates.
U.S. Treasury officials told TechCrunch that the government is imposing sanctions on brokers of zero-days (software security vulnerabilities that are unknown to developers but can be exploited to hack people) because they pose a threat to U.S. national security, foreign policy, and the economy.
The first company to be sanctioned is Operation Zero, a Russian company founded in 2021. The company made headlines when it announced it would give up to $20 million for zero-days for Android devices and iPhones in 2023, and later announced it would give up to $4 million for zero-days for Telegram. The company claims to work exclusively with the Russian government and local organizations.
The Treasury Department’s Office of Foreign Assets Control (OFAC) said Operation Zero customers “may use the tools to launch ransomware attacks or engage in other malicious activity.”
The Treasury Department also announced sanctions against Sergei Zelenyuk, the company’s founder, whom authorities accuse of selling exploits to foreign intelligence services and who, they say, aimed to develop spyware and hacking technology. According to the Treasury Department, Zelenyuk recruited hackers through social media and established relationships with foreign intelligence agencies. (Operation Zero has accounts on both X and Telegram.)
According to the Treasury Department, Operation Zero acquired “at least eight proprietary cyber tools created exclusively for the U.S. government and certain allies and stolen from U.S. companies” and then “sold those stolen tools to at least one unauthorized user.”
The Treasury Department said the sanctions against Operation Zero and Zelenyuk coincided with an FBI investigation into Peter Williams, who worked for U.S. defense contractor L3Harris. In October, Williams pleaded guilty to selling at least eight of the company’s exploits to unspecified Russian brokers.
The Treasury now says the broker was Operation Zero, which the government had not previously confirmed.
Williams was the general manager of Trenchant, which develops hacking and surveillance tools for the U.S. government and some of its top intelligence partners, including Australia, Canada, New Zealand, and the United Kingdom (the so-called Five Eyes coalition).
The Treasury Department did not respond that day to a series of questions about the sanctions.
In addition to taking action against Mr. Zelenyuk, the U.S. Treasury Department has also sanctioned a United Arab Emirates-based company called Special Technology Services, Mr. Zelenyuk’s aide Marina Evgenievna Vasanovich, and two associates of Zelenyuk who allegedly collaborated with Operation Zero, Adzizhon Mahmudovich Mamashoev and Oleg Vyacheslavovich Kucherov.
According to the Treasury Department, Operation Zero, Special Technology Services and Zelenyuk are subject to parallel sanctions under a 2022 federal law that allows the U.S. government to impose sanctions on those who commit “gross theft of trade secrets.”
Kucherov, a Russian national, is a suspected member of the prolific ransomware group Trickbot, whose suspected members have previously been sanctioned by the United States and Britain, the Treasury Department said.
Mamashoev is said to be the founder of Advance Security Solutions, another zero-day broker based in the United Arab Emirates, which was also sanctioned today.
Advance Security Solutions launched last year and is offering up to $20 million for a zero-day service that can send text messages to and hack any type of smartphone. The broker also offered high bounties for tools to hack popular software and hardware such as Android devices, iPhones, Windows, and Chrome.
Operation Zero and Zelenyuk did not respond to requests for comment. Kucherov, Mamashoev and Vasanovich could not be reached for comment.
When contacted by TechCrunch, the person running the Advance Security Solutions chat account claimed without evidence that Mamashoev was not the company’s founder.
