The U.S. Treasury Department recently issued two press releases concerning cybersecurity. First, the Treasury Department created a cybersecurity information sharing initiative for U.S. digital assert companies. Second, the Treasury Department sanctioned actors who stole trade secrets involving cybersecurity tools from a U.S. company. The Press Releases are below.
Treasury Launches Cybersecurity Information Sharing
Initiative for the Digital Asset Industry
WASHINGTON – Today, the U.S. Department of the Treasury’s
Office of Cybersecurity and Critical Infrastructure Protection (OCCIP)
announced a new initiative to strengthen cybersecurity across the digital asset
industry. The initiative will provide timely, actionable cybersecurity
information to eligible U.S. digital asset firms and industry organizations,
helping them better identify, prevent, and respond to cyber threats targeting
their customers and networks. The effort advances a key recommendation from the
President’s Working Group on Digital Asset Markets report, Strengthening
American Leadership in Digital Financial Technology.
Treasury leadership highlights the growing importance of
digital asset firms to the broader financial system.
“Digital asset firms are an increasingly important part of
the U.S. financial sector, and their resilience is critical to the health of
the broader system,” said Luke Pettit, Assistant Secretary for Financial
Institutions. “By extending access to the same high-quality cybersecurity
information used by traditional financial institutions, Treasury is helping
promote a more secure and responsible digital asset ecosystem.”
Treasury also emphasized that cybersecurity is foundational
to the future of digital finance and essential to responsible innovation.
“This initiative reflects the principles of the GENIUS Act by
promoting responsible innovation grounded in strong cybersecurity and
operational resilience,” said Tyler Williams, Counselor to the Secretary for
Digital Assets. “As digital assets become more integrated into the financial
system, access to timely and actionable cyber threat information is essential
to protecting consumers and safeguarding the stability of U.S. financial
markets.”
Treasury cybersecurity officials noted that the initiative
responds directly to a rapidly evolving threat environment.
“Cyber threats targeting digital asset platforms are growing
in frequency and sophistication,” said Cory Wilson, Deputy Assistant Secretary
for Cybersecurity. “This initiative expands access to actionable threat
information that helps firms strengthen defenses, reduce risk, and respond more
effectively to incidents.”
Eligible U.S. digital asset firms and industry organizations
that meet Treasury’s criteria will be able to receive, at no cost, the same
actionable cybersecurity information Treasury regularly shares with traditional
U.S. financial institutions. Interested firms are encouraged to contact OCCIP
at OCCIP-Coord@treasury.gov for
more information.
Treasury Sanctions Exploit Broker Network for Theft and Sale
of U.S. Government Cyber Tools
February 24, 2026
First-Ever Action Under the Protecting American
Intellectual Property Act
WASHINGTON — Today, the Department of the
Treasury’s Office of Foreign Assets Control (OFAC) designated Sergey
Sergeyevich Zelenyuk (Zelenyuk) and his company, Matrix
LLC (doing business as Operation Zero), as well as five
associated individuals and entities, for their acquisition and distribution of
cyber tools harmful to U.S. national security. Zelenyuk and
Operation Zero trade in “exploits”—pieces of code or techniques that take
advantage of vulnerabilities in a computer program to allow users to gain
unauthorized access, steal information, or take control of an electronic
device—and have offered rewards to anyone who will provide them with exploits
for U.S.-built software. Among the exploits that Operation
Zero acquired were at least eight proprietary cyber tools, which were
created for the exclusive use of the U.S. government and select allies and
which were stolen from a U.S. company. Operation Zero then sold those
stolen tools to at least one unauthorized user.
“If you steal U.S. trade secrets, we will hold you
accountable,” said Secretary of the Treasury Scott Bessent.
“Treasury will continue to work alongside the rest of the Trump Administration
to protect sensitive American intellectual property and safeguard our national
security.”
This action coincides with an investigation by the Department
of Justice and the Federal Bureau of Investigation of Peter Williams, an
Australian national and a former employee of the aforementioned U.S. company
who pleaded
guilty on October 29, 2025, to two counts of theft of trade
secrets.
Williams stole several proprietary cyber tools from the
company between 2022 and 2025 and sold them to Operation Zero in exchange
for millions of dollars paid in cryptocurrencies.
OFAC is designating Zelenyuk, Operation Zero, and the five
associated individuals and entities pursuant to Executive Order
(E.O.) 13694, as further amended by E.O. 14306 (“E.O. 13694, as further
amended”). In parallel with this action, the Department of State is
sanctioning Zelenyuk, Operation Zero, and an affiliated UAE company, Special
Technology Services LLC FZ (STS) pursuant to the Protecting
American Intellectual Property Act (PAIPA). These are the first persons
sanctioned under this law, which provides for sanctions against persons who
have knowingly engaged in, or benefitted from, significant theft of trade
secrets of United States persons, if the theft of such trade secrets is
reasonably likely to result in, or has materially contributed to, a significant
threat to the national security, foreign policy, or economic health or
financial stability of the United States. Please refer to the Department
of State’s press release for more information about this action under
PAIPA.
ZELENYUK’S ACQUISITION AND SALE OF CYBER TOOLS
Russian national Zelenyuk,through his St.
Petersburg, Russia-headquartered company Operation Zero, has been
active as an exploit broker since 2021. Operation Zero has offered
millions of dollars in bounties to cybersecurity researchers and others for the
development or acquisition of exploits targeting commonly used software,
including U.S.-built operating systems and encrypted messaging
applications. Operation Zero does not disclose the discovered
exploits to the companies developing the affected software, and Operation Zero
customers could use the tools to launch ransomware attacks or engage in other
malign activities. In advertisements and other public-facing materials,
Zelenyuk and Operation Zero have stated that they will only sell the
exploits they acquire to customers from non-NATO countries. Zelenyuk,
through Operation Zero, has sought to sell exploits to foreign intelligence
agencies. Zelenyuk and Operation Zero have also sought to develop other
cyber intelligence systems, including spyware and methods to extract personal
identifying information and other sensitive data uploaded by users of
artificial intelligence applications like large language models.
Operation Zero has sought to recruit hackers to support its activities and
develop business relationships with foreign intelligence agencies through use
of social media.
OFAC is designating Zelenyuk and Operation
Zero pursuant to E.O. 13694, as further amended, for being responsible for
or complicit in, or having engaged in, directly or indirectly, cyber-enabled
activities originating from, or directed by persons located, in whole or
substantial part, outside the United States that are reasonably likely to
result in, or have materially contributed to, a threat to the national
security, foreign policy, or economic health or financial stability of the
United States, and that have the purpose of or involve causing a
misappropriation of funds or economic resources, intellectual property,
proprietary or business confidential information, personal identifiers, or
financial information for commercial or competitive advantage or private
financial gain.
. . .
