Pierluigi Paganini
December 11, 2025
A Ukrainian woman, Victoria Dubranova (33), has been charged in the US for allegedly aiding the pro-Russia hacktivist groups Cyber Army of Russia Reborn (CARR) and NoName057(16) in cyberattacks against critical infrastructure worldwide.
Dubranova was extradited to the US and faces up to 27 years for involvement with CARR and five years for ties to NoName hacktivist groups. She has pleaded not guilty in both cases. CARR, a pro-Russia hacktivist group linked to Russia’s GRU, targets critical infrastructure in the US, Ukraine, and NATO allies. Posing as a patriotic volunteer collective, it began with DDoS attacks and website defacements, later moving to industrial control and SCADA system breaches using scanning and password-guessing, sometimes causing real-world disruptions in water and food facilities.
Pro-Russia hacktivist groups like CARR, Z-Pentest, and NoName057(16) exploit poorly secured VNC connections to access OT devices in critical infrastructure, causing varying impacts, including physical damage, primarily targeting water, food, agriculture, and energy sectors. Their attacks are less sophisticated and lower-impact compared to APT groups.
“This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet Primary Mitigations to Reduce Cyber Threats to Operational Technology and European Cybercrime Centre’s (EC3) Operation Eastwood
, in which CISA, Federal Bureau of Investigation (FBI), Department of Energy (DOE), Environmental Protection Agency (EPA), and EC3 shared information about cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States and globally.” reads a joint advisory from FBI, CISA, National Security Agency (NSA), and partners countries.
CARR attacked U.S. water systems and a Los Angeles meat facility, causing spills, leaks, and damage. GRU guidance financed attacks, targeting critical infrastructure and election sites. A GRU-linked officer, using the handle “Cyber_1ce_Killer,” directed CARR targets, funded DDoS-for-hire services, and is identified as a CARR member.
The U.S. State Department offers up to $2 million for information on CARR members and up to $10 million for details on individuals linked to NoName.
“Under this reward offer, RFJ is offering up to $2 million for information on individuals associated with Cyber Army of Russia Reborn (CARR), also known as Z-Pentest. According to industry reporting, the group is linked to the Main Centre for Special Technologies (GTsST) within the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). CARR members have also publicly claimed their connections to the Russian government.” reads the announcement. “In late 2023, CARR began claiming responsibility for accessing industrial control systems of multiple U.S. and European critical infrastructure targets. Using various techniques, CARR has manipulated unsecured industrial control systems at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, pro-Russia hacktivist groups)
