On 24 February, the United States placed four individuals, including Russian citizens, and three companies on the sanctions list. The US Treasury Department said in a statement that the sanctions were related to their activities in cyberspace that harmed US national security interests.
The agency claims that these individuals buy, sell and trade undisclosed software vulnerabilities (so-called zero-day exploits) that can be used for hacking, data theft and the creation of ransomware.
The list includes Sergei Zelenyuk, the head of Matrix (aka Operation Zero/OpZero), a company based in St Petersburg, Russia. The company specialises in buying up cyber vulnerabilities and reselling them to state-owned companies and organisations. Russian publication The Insider, in particular, wrote that the company promised a reward for identifying a vulnerability in the Telegram messenger. The company was ready to pay up to $4 million for the entire chain of actions that would allow hacking a Telegram account.
In the US, Zelenyuk is accused of buying and reselling at least eight proprietary US government cyber tools (allegedly stolen from a US company), which were then sold to unauthorised people.
The list also includes Russians Oleg Kucherov and Marina Vasanovich, who collaborated with Zelenyuk, as well as Uzbek national Azizjon Mamashayev, founder of Advance Security Solutions, an exploit broker in the United Arab Emirates. This company, like Matrix and another UAE-based company Special Technology Services, is also on the sanctions list.
The US announced the sanctions on the fourth anniversary of Russia’s invasion of Ukraine on 24 February, but it was not reported whether they were related to the anniversary. Earlier, the UK and Canada announced the expansion of the sanctions lists.