On February 24, 2026, the US Departments of the Treasury and State announced coordinated sanctions targeting a Russia‑based cyber exploit broker network for the theft and resale of US trade secret cyber tools. These sanctions mark the first‑ever enforcement action under the Protecting American Intellectual Property Act (“PAIPA”) and reflect an expanded US sanctions approach to cyber‑enabled intellectual property theft. Our prior blog post on the enactment of the PAIPA is available here.

Treasury Department Action

The Treasury Department’s Office of Foreign Assets Control (“OFAC”) designated Sergey Sergeyevich Zelenyuk, his company Matrix LLC (operating as “Operation Zero”), and several affiliated individuals and entities pursuant to Executive Order (“E.O.”) 13694, as amended by E.O. 14306. OFAC alleges that Operation Zero acquired and resold, to at least one unauthorized user, stolen proprietary exploits developed exclusively for US government and allied use. Exploits are pieces of code or techniques that take advantage of vulnerabilities in a computer program to allow users to gain unauthorized access, steal information, or take control of an electronic device.

As a result of the designations, all property and interests in property of the designated parties within US jurisdiction are blocked, and US persons are generally prohibited from engaging in transactions with them. Any entities that are owned, directly or indirectly, individually or in the aggregate, 50% or more by one or more blocked persons are also blocked.  

First‑Ever PAIPA Designations

In parallel, the State Department designated Zelenyuk, Operation Zero, and an affiliated UAE entity under PAIPA, marking the first sanctions imposed under that statute. The State Department determined that the theft of US trade secrets was reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States. 

According to US authorities, the network purchased at least eight stolen zero‑day exploits from a former employee of a US defense contractor, who later pleaded guilty to trade secret theft. The exploits were allegedly resold to unauthorized third parties, including foreign customers.

Key Takeaways

These actions signal a likely broader use of sanctions as an enforcement tool under the PAIPA to address cyber‑enabled trade secret theft. Companies involved in cybersecurity, vulnerability research, defense contracting, or digital asset transactions should reassess sanctions screening, cyber due diligence, and insider‑risk controls in light of PAIPA’s emergence as an active enforcement tool.

Author

Washington, DC
