The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury added Uzbek citizen Azizjon Makhmudovich Mamashoyev and his associated company Advance Security Solutions to its sanctions list on February 24, 2026. The update was published on the agency’s official website.
Inclusion in the sanctions list
According to OFAC, 39-year-old Tashkent resident Mamashoyev was designated under Executive Order 13694 (as further amended) for “having materially assisted, sponsored, or provided financial, material, or technological support for, or goods and services to or in support of” Sergey Zelenyuk. The sanctions materials also indicate that Advance Security Solutions (also referred to as Advanced Security Solutions) is owned or controlled by Mamashoyev or acted on his behalf or in his interest. The company is also subject to sanctions.
On the same day, OFAC announced sanctions against Oleg Vyacheslavovich Kucherov, identified as a Russian citizen and a suspected member of the Trickbot cybercrime group. According to OFAC, Kucherov and Mamashoyev previously had working relationships with Zelenyuk’s company, Operation Zero.
The U.S. Treasury Department’s press release states that the measures were taken as part of actions against a network of exploit brokers involved in stealing and selling U.S. government cyber tools.
“Additionally, OFAC is sanctioning Advance Security Solutions, another exploit brokerage firm that, like Operation Zero, offers bounties for exploits for U.S.-built software,” the agency said.
Advance Security Solutions, according to OFAC, was established in 2025, operates in computer programming, and conducts business in the United Arab Emirates and Uzbekistan.
Inclusion on the SDN list results in the blocking of assets within U.S. jurisdiction and prohibits U.S. persons from engaging in transactions with the listed individuals or entities.
What are exploits?
An exploit is computer code, a script, or a sequence of actions that takes advantage of a vulnerability in software, a system, or a device to gain unauthorized access or perform unwanted operations.
If there is a flaw (vulnerability) in a program, an exploit is the technical method to use it.
Main types of exploits:
- Remote exploit — used remotely over a network.
- Local exploit — requires existing access to the system.
- Zero-day exploit — exploits a vulnerability that the developer does not yet know about or has not patched.
- Privilege escalation exploit — allows increasing access rights in a system.
An exploit is not always a complete piece of malware. It is a tool that can be part of a virus, Trojan, or ransomware, or used by cybersecurity researchers to test protections.
In the context of “exploit brokers,” these are companies or intermediaries that buy and sell information about vulnerabilities or ready-to-use tools for exploiting them. Whether this is legal or illegal depends on the jurisdiction, the terms of transfer, and the intended use.
“Zelenyuk and Operation Zero trade in “exploits”—pieces of code or techniques that take advantage of vulnerabilities in a computer program to allow users to gain unauthorized access, steal information, or take control of an electronic device—and have offered rewards to anyone who will provide them with exploits for U.S.-built software,” the U.S. Treasury said in a press release.
“Among the exploits that Operation Zero acquired were at least eight proprietary cyber tools, which were created for the exclusive use of the U.S. government and select allies and which were stolen from a U.S. company. Operation Zero then sold those stolen tools to at least one unauthorized user,” it was noted in the same press release.