PersonRU

Oleg Kucherov

Russian individual and suspected Trickbot operator designated by OFAC as part of the Operation Zero exploit broker network.

Last refreshed: 17 April 2026 · Appears in 1 active topic

Key Question

How does a Trickbot operator end up in a zero-day exploit brokerage sanctions action?

Timeline for Oleg Kucherov

#117 Apr

Suspected Trickbot operator designated by OFAC

Cybersecurity: Threats and Defences: Mentioned in: OFAC turns IP law on Operation Zero

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

Who is Oleg Kucherov and why was he sanctioned?: Oleg Kucherov is a Russian national identified as a suspected Trickbot operator and designated by OFAC in April 2026 as part of the Operation Zero sanctions action for involvement in the trafficking of stolen US government cyber tools.Source: OFAC
What connection does Trickbot have to Operation Zero?: Oleg Kucherov, identified as a suspected Trickbot operator, was designated alongside Operation Zero's principal Sergey Zelenyuk in OFAC's April 2026 PAIPA action, providing a named personnel link between the two networks.Source: OFAC

Background

Oleg Kucherov was designated by OFAC in April 2026 as part of the Operation Zero sanctions action under the Protecting American Intellectual Property Act (PAIPA). OFAC identified Kucherov as a suspected operator associated with the Trickbot cybercrime group, whose banking malware and ransomware delivery infrastructure was active from 2016 onwards. His presence in the Operation Zero network illustrates the personnel overlap between Russian cybercrime groups and the exploit-brokerage market.

Kucherov's designation connects the Operation Zero network to an earlier generation of Russian cybercriminal infrastructure. Trickbot operators avoided prosecution through 2021 to 2023 law-enforcement actions against the group's infrastructure, with several individuals surfacing in new criminal or state-adjacent contexts in subsequent years. Kucherov's appearance in a zero-day exploit brokerage action fits the pattern of Trickbot-era operators moving up the value chain from commodity malware to higher-margin exploit transactions.

For threat intelligence teams, the Kucherov designation provides a named link between the Trickbot criminal network and the 2026 exploit-broker sanctions action, supporting longer-term tracking of Russian cybercrime operator personnel continuity.

How the World Sees Them

US law enforcement

Kucherov's designation links Trickbot-era criminal personnel to a 2026 state-adjacent exploit brokerage, demonstrating operator continuity across years and operational contexts.

Russian cybercrime ecosystem

Trickbot-era operators avoiding prosecution have maintained access to criminal networks that now intersect with state-adjacent zero-day markets.