The U.S. government has slapped sanctions on a Russian cyber-exploit broker that bought stolen hacking tools from an insider at a U.S. defense contractor.

The Treasury Department’s Office of Foreign Assets Control (OFAC) added Matrix LLC—better known as Operation Zero and based in Saint Petersburg, Russia—to its sanctions list, along with its owner Sergey Sergeyevich Zelenyuk and five other people and companies connected to the group. This is the first time the Protecting American Intellectual Property Act (PAIPA) has been used to target the theft of digital tools like these.

The move comes as a former L3Harris cybersecurity manager, Peter Williams, was sentenced in U.S. federal court to more than seven years in prison. Williams, an Australian national, admitted stealing eight highly sensitive “zero-day” cyber exploits — software vulnerabilities unknown to the public and designed for exclusive use by the U.S. government and its allies — and selling them to Operation Zero for about $1.3 million in cryptocurrency.

Operation Zero offers large rewards — millions of dollars in some cases — to researchers and hackers who deliver new cyber vulnerabilities, including bugs in widely used operating systems and secure messaging apps. The company says it only sells exploits to Russian businesses and government clients.

OFAC’s sanctions freeze any U.S. assets belonging to the designated parties and prohibit American companies and individuals from doing business with them. The sanctions also extend to an associated UAE-based company (Special Technology Services LLC), two individuals with links to Operation Zero, and another exploit broker called Advance Security Solutions.