Operation Zero
Russian exploit brokerage operating as Matrix LLC; OFAC-sanctioned April 2026 for acquiring stolen US government zero-days.
Last refreshed: 28 April 2026 · Appears in 2 active topics
How did a Russian exploit broker buy US government zero-days while Iran was under active cyber attack?
Timeline for Operation Zero
Expended key munitions at a rate flagged by CSIS as creating a vulnerability window
Iran Conflict 2026: CENTCOM hits Goruk and Qeshm IslandMentioned in: Bahrain and Qatar sign Hormuz coalition pact
Iran Conflict 2026Mentioned in: White House signs no Iran instrument on day 71
Iran Conflict 2026Mentioned in: Pakistan carries US memo to Tehran
Iran Conflict 2026Rubio rejected on Monday, paper Thursday
Iran Conflict 2026- What is Operation Zero exploit broker?
- Operation Zero is the trading name of Matrix LLC, a Russian exploit brokerage operated by Sergey Zelenyuk. OFAC sanctioned it in April 2026 for acquiring zero-day exploits developed by US government contractors.Source: OFAC
- How was Operation Zero sanctioned by OFAC?
- OFAC designated Sergey Zelenyuk, Matrix LLC and five associated entities on 14 April 2026 using the Protecting American Intellectual Property Act (PAIPA), the first time PAIPA has been used in a cyber enforcement action.Source: OFAC designation April 2026
- How much does Operation Zero pay for iPhone zero-days?
- Operation Zero published a price list in 2023 offering up to $20 million for full iOS exploit chains with Remote Code Execution capability. Android and Windows exploits were priced lower in the same list.Source: Operation Zero public price list 2023
- How was Operation Zero connected to the Iran conflict?
- Operation Zero was sanctioned in the same OFAC round targeting Iran sanctions-evasion networks, reflecting the convergence of cyber and financial enforcement in the conflict. The exploits acquired included tools active during US cyber operations against Iranian infrastructure.Source: OFAC / Lowdown
Background
Operation Zero gained Lowdown relevance in the context of the Iran conflict's cyber dimension. OFAC sanctioned the firm in April 2026 for acquiring zero-day exploits from US government contractor insiders, with the designation noting the exploits were acquired while US offensive cyber operations against Iranian infrastructure were active. The sanctions placed Operation Zero in the same OFAC designation round that targeted Iranian sanctions-evasion networks, reflecting the convergence of cyber and financial enforcement in the conflict's fifth round of measures.
