Former US Defense Contractor Sentenced to Jail For Selling Exploits
In a parallel Tuesday announcement, the Treasury Department also sanctioned the exploit broker network that had acquired the tools.

February 25, 2026 | 3 min read

The U.S. has sentenced an ex-defense contractor, Peter Williams, to 87 months in jail for selling eight cyber exploits to a Russian cyber tools broker. In a parallel Tuesday announcement, the Treasury Department also sanctioned the exploit broker network that had acquired the tools.
The sentencing comes four months after Australian national Williams pleaded guilty to two counts of theft of trade secrets, which took place between 2022 and 2025. The software was supposed to be sold exclusively to the U.S. government and its allies, but Williams sold it to a company known to resell exploits to various customers, including the Russian government.
In return, Williams received millions of dollars in cryptocurrency payments, which he used to buy things like luxury vacations, jewelry, watches, clothing, and properties. While the U.S. did not name the defense contractor, Williams reportedly worked for Trenchant, a division of L3Harris.
“Williams took trade secrets comprised of national security software and sold them for up to $4 million in crypto currency,” said U.S. Attorney Jeanine Pirro for the District of Columbia, in a statement. “These incredibly powerful tools would have allowed Russia to access millions of digital devices. By betraying a position of trust and selling sensitive American technology, Williams’ crime is not only one of theft, it is a crime of national security.”
The Treasury Department on Tuesday also announced that it was sanctioning the exploit broker network that acquired the software. This network is reportedly made up of Sergey Sergeyevich Zelenyuk and his company, Matrix LLC, as well as five associated individuals and entities. Matrix LLC, which does business as Operation Zero, is headquartered in St. Petersburg, Russia and has operated as an exploit broker since 2021, according to the Treasury Department.
After purchasing the exploits, Operation Zero then sold the stolen tools to at least one unauthorized user, according to the Treasury Department’s statement.
Exploit brokers offer hefty amounts of money in exchange for the development or acquisition of exploits, which are used to target popular software like operating systems or encrypted messaging apps. Customers then use these exploits to launch ransomware or other types of attacks.
In its Tuesday release, the U.S. provided further details about how Operation Zero – and the affiliates across its network – have operated.
“In advertisements and other public-facing materials, Zelenyuk and Operation Zero have stated that they will only sell the exploits they acquire to customers from non-NATO countries,” according to the Treasury Department on Tuesday. “Zelenyuk, through Operation Zero, has sought to sell exploits to foreign intelligence agencies. Zelenyuk and Operation Zero have also sought to develop other cyber intelligence systems, including spyware and methods to extract personal identifying information and other sensitive data uploaded by users of artificial intelligence applications like large language models. Operation Zero has sought to recruit hackers to support its activities and develop business relationships with foreign intelligence agencies through use of social media.”
The other affiliated companies and individuals include Zelenyuk’s assistant, Marina Evgenyevna Vasanovich, and STS, a UAE-based technology company controlled by Zelenyuk. Additionally, the U.S. designated Azizjon Makhmudovich Mamashoyev and Oleg Vyacheslavovich Kucherov – the latter being a Russian national and a suspected member of the Trickbot cybercrime gang.
“Kucherov and Mamashoyev have previously had work relationships with Operation Zero,” according to the U.S. “OFAC is designating Mamashoyev and Kucherov pursuant to E.O. 13694, as further amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods and services to or in support of, Zelenyuk.”
Finally, the U.S. sanctioned Advance Security Solutions, another offensive cybersecurity company created by Mamashoyev with operations in the UAE and Uzbekistan.
“As a result of today’s action, all property and interests in property of the designated or blocked persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC,” according to the U.S. “In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.”