backOn February 24, 2026, the U.S. Department of State announced the designation of one individual and two companies in connection with theft of trade secrets from a U.S. company, marking the first enforcement action under the Protecting American Intellectual Property Act (“PAIPA”). The State Department designated Sergey Sergeyevich Zelenyuk (“Zelenyuk”), a Russian national, his company Matrix LLC (doing business as “Operation Zero”), and an affiliated company based in the United Arab Emirates, Special Technology Services LLC FZ (“STS”), under PAIPA.
Concurrently, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) designated Zelenyuk, Operation Zero, STS, and four additional individuals and entities as Specially Designated Nationals and Blocked Persons (“SDNs”) for their involvement in the acquisition and distribution of cyber tools harmful to U.S. national security pursuant to Executive Order 13694, as further amended by E.O. 14306, which authorizes sanctions for malicious cyber-enabled activities.
These coordinated actions follow the related U.S. Department of Justice prosecution of Peter Williams, a former general manager for a U.S. defense contractor, who was recently sentenced to 87 months in prison for stealing trade secrets. Williams plead guilty to selling eight cyber-exploit components from his employer that were meant to be sold exclusively to the U.S. government and select allies and then selling those trade secrets to a Russian cyber-tools broker in exchange for cryptocurrency payments. According to Treasury, the broker was Operation Zero, a St. Petersburg, Russia-headquartered exploit brokerage that publicly advertises itself as a reseller of cyber exploits to various customers, including the Russian government.
First-Ever Use of PAIPA
The most significant aspect of this action is the Department of State’s designation of Zelenyuk, Operation Zero, and STS under PAIPA, marking the first time that sanctions have been imposed under the statute since it was enacted on January 5, 2023. PAIPA mandates sanctions against foreign persons determined by the President to have knowingly engaged in, or benefitted from, significant theft of trade secrets of United States persons, where the theft is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States. Notably, PAIPA’s reach extends beyond the immediate actors in a trade secret theft; the statute also covers persons who provided significant financial, material, or technological support for such theft, entities owned or controlled by, or acting on behalf of, such persons, and chief executive officers or board members of such foreign entities.
For identified foreign entities, PAIPA requires the President to impose at least five sanctions from a menu of twelve options, including the following: (1) blocking of property; (2) inclusion on the Bureau of Industry and Security’s Entity List; (3) denial of Export-Import Bank assistance; (4) prohibition on loans from U.S. financial institutions exceeding $10 million; (5) opposition to loans from international financial institutions; (6) prohibitions on designation as a primary dealer in U.S. government debt or service as a repository for government funds (for financial institutions); (7) federal procurement bans; (8) prohibition on foreign exchange transactions; (9) prohibition on banking transactions; (10) a ban on U.S. person investment in equity or debt of the designated entity; (11) exclusion of corporate officers from the United States; and (12) sanctions on principal executive officers. For identified foreign individuals, PAIPA mandates blocking of property and visa ineligibility.
According to the State Department, the sanctions imposed on Operation Zero and STS include blocking of property, prohibition on loans from U.S. financial institutions exceeding $10 million, prohibition on foreign exchange transactions, prohibition on banking transactions, and a ban on U.S. person investment in equity or debt of the designated entities.
Additionally, as a result of the OFAC designations, all property and interests in property of the designated persons—or entities owned 50 percent or more by the designated persons—that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Unless authorized by a general or specific license, OFAC’s regulations generally prohibit all transactions by U.S. persons or within the United States that involve any property or interests in property of blocked persons. Violations may result in civil or criminal penalties.
The use of PAIPA in this context carries several implications for future enforcement. First, it signals the Administration’s intent to treat the theft and sale of proprietary cyber tools as trade secret theft warranting sanctions, even when the designated persons are not the original perpetrators but rather brokers who acquire and resell stolen technology. Second, the designation of STS, a UAE-based affiliate of Operation Zero, indicates that PAIPA sanctions may extend to foreign entities that benefit from or facilitate trade secret theft, even if they are not directly involved in the underlying misappropriation. The State Department indicated that Zelenyuk established STS to conduct business with various countries in Asia and the Middle East, and that this effort was likely aimed in part at circumventing U.S. sanctions imposed on Russian bank accounts.
Notably, while the text of PAIPA is not limited to any single country, its sponsors in the Senate made clear that China was a primary target of the legislation. The fact that the first-ever PAIPA designations target Russian actors rather than Chinese entities suggests that the Administration views PAIPA as a flexible tool applicable to trade secret theft by foreign actors more broadly, not solely as a China-focused instrument.
Practical Recommendations
In light of these designations, companies should consider the following measures:
- Screen against updated SDN List. Companies should ensure that they are screening counterparties, customers, and vendors against OFAC’s updated Specially Designated Nationals and Blocked Persons List.
- Scrutinize sensitive jurisdiction. The geographic nexus of Operation Zero (Russia), STS (UAE), and Advance Security Solutions (UAE and Uzbekistan) underscores the need for enhanced scrutiny of transactions involving entities in these jurisdictions that operate in the cybersecurity or technology sectors.
- Strengthen trade secret protection programs. The Williams case—involving an insider who stole proprietary cyber tools from a U.S. company—underscores the importance of robust trade secret protection measures, including access controls, employee training, monitoring for suspicious activity, and rigorous exit procedures for departing employees with access to sensitive technology.
- Consider U.S. Government engagement on potential PAIPA designations. Companies that have been victims of trade secret theft by foreign actors should consider whether the circumstances warrant engagement with the U.S. government regarding potential PAIPA designations and other potential action. Although PAIPA does not establish a formal reporting mechanism for private parties, the successful use of PAIPA in this case suggests that the government may be receptive to imposing sanctions where trade secret theft implicates national security.
- Perform Due Diligence When Purchasing Technology and Other Trade Secrets. Companies should be careful when acquiring technology and other trade secrets to ensure they are not purchasing stolen secrets. Doing otherwise could expose the company to potential criminal, civil, and administrative actions, including under PAIPA.