The U.S. government announced on Tuesday sanctions against two companies that acquire and resell zero-day exploits, as well sanctioning their founders and their associates.
Officials with the U.S. Treasury told TechCrunch that the government was imposing sanctions against the brokers of zero-days — security vulnerabilities in software that are unknown to its developer but can be abused to hack people — as they pose a threat to U.S. national security, foreign policy, and economy.
The first sanctioned company is Operation Zero, a Russian firm that launched in 2021. The company made headlines in 2023 when it announced that it was offering up to $20 million for zero-days in Android devices and iPhones, and later announced that it was offering up to $4 million for zero-days in Telegram. The company claims to work exclusively with the Russian government and local organizations.
The Treasury’s Office of Foreign Assets Control (OFAC) said that Operation Zero’s customers “could use the tools to launch ransomware attacks or engage in other malign activities.”
The Treasury said it’s also sanctioning the company’s founder, Sergey Zelenyuk, who officials accused of selling exploits to foreign intelligence agencies, and who say he sought to develop spyware and hacking technologies. The Treasury said Zelenyuk engaged in recruiting hackers and developing relationships with foreign intelligence agencies through social media. (Operation Zero has accounts on both X and Telegram.)
According to the Treasury, Operation Zero acquired “at least eight proprietary cyber tools, which were created for the exclusive use of the U.S. government and select allies and which were stolen from a U.S. company,” and then “sold those stolen tools to at least one unauthorized user.”
The Treasury said that the sanctions against Operation Zero and Zelenyuk coincide with an FBI investigation into Peter Williams, who worked for U.S. defense contractor L3Harris. In October, Williams pleaded guilty to selling at least eight of the company’s exploits to an unspecified Russian broker.
The Treasury now says that the broker was Operation Zero, something that the government had not previously confirmed.
Contact Us
Do you have more information about Operation Zero? Or the market for zero-days? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or . Do you have more information about Operation Zero? Or the market for zero-days? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email
... continue reading