US Sanctions Russian Broker for Buying Stolen Zero-Day Exploits

US Imposes Sanctions on Russian Exploit Broker for Purchasing Stolen Zero-Day Exploits

The US Treasury Department has taken action against a Russian exploit broker, imposing sanctions on the company and its owner for purchasing stolen zero-day exploits from a former executive of a US defense contractor.

Sanctions Imposed Under PAIPA

The Office of Foreign Assets Control (OFAC) designated Matrix LLC, also known as Operation Zero, and its owner Sergey Sergeyevich Zelenyuk, along with five associated individuals and companies, under the Protecting American Intellectual Property Act (PAIPA). This marks the first time the law has been used since its enactment.

Background on the Case

The sanctions coincide with the sentencing of Peter Williams, a former general manager of Trenchant, a cybersecurity unit of US defense contractor L3Harris. Williams was sentenced to 87 months in prison for stealing eight zero-day exploits from Trenchant and selling them to Operation Zero for approximately $1.3 million in cryptocurrency. The stolen exploits were designed exclusively for use by the US government and allied intelligence agencies.

Operation Zero’s Activities

Operation Zero offers bounties to security researchers and others for the development or acquisition of exploits targeting commonly used software, including US-built operating systems and encrypted messaging applications. The company claims to sell zero-day exploits only to Russian private and government organizations, although its clients also include the Russian government.

According to the Department of the Treasury, Zelenyuk and Operation Zero trade in exploits that can be used to gain unauthorized access, steal information, or take control of electronic devices.

Additional Sanctions

In addition to Operation Zero, OFAC also sanctioned Zelenyuk’s UAE-based front company, Special Technology Services LLC, as well as two individuals with prior ties to Operation Zero, including Oleg Vyacheslavovich Kucherov, a suspected member of the Trickbot cybercrime gang. A second exploit brokerage firm, Advance Security Solutions, with operations in the UAE and Uzbekistan, was also sanctioned.

Consequences of Sanctions

The sanctions freeze all US-held assets belonging to designated entities and individuals, exposing American businesses and individuals conducting transactions with them to secondary sanctions or enforcement actions.


