Pierluigi Paganini July 23, 2024

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities.

The United States sanctioned Russian hacktivists Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations against U.S. critical infrastructure.

The US authorities identified Pankratova as the group leader, while Degtyarenko is a primary hacker.

Since 2022, the Cyber Army of Russia Reborn (CARR) has launched a series of low-impact DDoS attacks against entities in Ukraine and other countries that offered support to Ukraine. In late 2023, CARR claimed attacks on industrial control systems in the U.S. and Europe, affecting water, hydroelectric, wastewater, and energy facilities. In January 2024, CARR caused water tank overflows in Texas and compromised a U.S. energy company’s SCADA system. Despite gaining temporary control, CARR’s limited hacking capabilities prevented major damage.

“In January 2024, CARR claimed responsibility for the overflow of water storage tanks in Abernathy and Muleshoe, Texas, posting video of the manipulation of human-machine interfaces at each facility on a public forum.” reads the press release published by the US Treasury. “The compromise of the industrial control systems resulted in the loss of tens of thousands of gallons of water. Additionally, CARR compromised the supervisory control and data acquisition (SCADA) system of a U.S. energy company, giving them control over the alarms and pumps for tanks in that system.”

As a result of the sanctions, all property and interests of the designated individuals in the U.S. or controlled by U.S. persons are blocked and must be reported to OFAC. The US government also blocked entities owned 50% or more by these individuals. Transactions involving these individuals’ property are generally prohibited unless authorized by OFAC. Financial institutions and others involved with the sanctioned individuals may face sanctions or enforcement actions. The sanctions also prohibit other activities that the duo can conduct, such as providing or receiving funds, goods, or services to or from the designated persons.

“CARR and its members’ efforts to target our critical infrastructure represent an unacceptable threat to our citizens and our communities, with potentially dangerous consequences,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “The United States has and will continue to take action, using our full range of tools, to hold accountable these and other individuals for their malicious cyber activities.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, critical infrastructure)