Ukrainian Hacker Accused of Aiding Russian Cyberattacks
▼ Summary
– A Ukrainian national, Victoria Eduardovna Dubranova, has been charged by U.S. prosecutors for her alleged role in cyberattacks on global critical infrastructure, including U.S. water and election systems, on behalf of Russian state-backed hacktivist groups.
– She faces charges related to two groups: NoName057(16), which used a custom DDoS tool, and CyberArmyofRussia_Reborn (CARR), which was founded and directed by Russia’s military intelligence service.
– The indictment states CARR caused physical damage, including contaminating drinking water and triggering an ammonia leak at a food facility, and targeted nuclear and election infrastructure.
– U.S. authorities have announced substantial rewards for information on individuals linked to these groups and issued a joint advisory warning about their ongoing targeting of critical infrastructure.
– If convicted, Dubranova faces up to 32 years in prison, and the case is part of broader U.S. actions, including sanctions against other group members.
A Ukrainian national now faces serious charges in the United States for allegedly participating in cyberattacks against global critical infrastructure. U.S. prosecutors assert that Victoria Eduardovna Dubranova worked with Russian state-backed hacktivist groups to target American water systems, election infrastructure, and nuclear facilities. The case underscores the tangible risks that cyber campaigns pose to public safety and national security.
Dubranova, who also uses the aliases Vika, Tory, and SovaSonya, was extradited to the U.S. earlier this year. She has been arraigned on charges connected to her alleged involvement with two groups: CyberArmyofRussia_Reborn (CARR) and NoName057(16). She has entered a plea of not guilty for both sets of charges, with trials scheduled for February and April 2026 respectively.
According to the indictment, NoName057(16) was a state-sanctioned project partially administered by The Center for the Study and Network Monitoring of the Youth Environment (CISM), an organization created by order of the Russian president. This group developed a custom tool named DDoSia to conduct distributed denial-of-service (DDoS) attacks. They recruited volunteers to use this software against government agencies, financial institutions, railways, and ports.
Prosecutors state that Russia’s military intelligence service founded, funded, and directed CARR. This pro-Russia group, which boasts over 75,000 Telegram followers, has claimed responsibility for hundreds of cyberattacks worldwide. The indictment details that a GRU officer using the online handle “Cyber1ceKiller” provided CARR leadership with target lists and financed their access to DDoS-for-hire services.
The alleged actions of these groups had severe real-world consequences. CARR is accused of attacking public drinking water systems across multiple U.S. states, damaging industrial controls and spilling hundreds of thousands of gallons of water. In a separate incident in November 2024, the group breached a Los Angeles meat processing facility, triggering an ammonia leak and spoiling thousands of pounds of product. Their targets also included websites for nuclear regulatory bodies and U.S. election infrastructure.
If convicted, Dubranova could face a maximum of 27 years in prison for the CARR-related charges and an additional 5 years for the NoName charges. Craig Pritzlaff, Acting Assistant Administrator at the Environmental Protection Agency, emphasized the gravity of tampering with water systems, stating such actions put communities and vital resources at risk. He issued a clear warning that law enforcement will pursue those who endanger the American public.
In a related move, the U.S. State Department announced financial rewards for information leading to individuals associated with these groups: up to $2 million for details on CARR members and up to $10 million for information on those linked to NoName. This follows sanctions imposed by the U.S. Treasury in July 2024 against two CARR members, including the group’s leader, for attacks on U.S. critical infrastructure.
A recent joint advisory from CISA, the FBI, the NSA, and international partners warns that pro-Russia hacktivist groups like CARR, NoName, Z-Pentest, and Sector16 continue to target critical infrastructure organizations globally. These cyber campaigns are noted for their potential to cause significant disruption and even physical damage.
(Source: Bleeping Computer)