Two Russian Nationals Charged for Cyber Attacks against U.S. Critical Infrastructure

The United States has designated Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations targeting U.S. critical infrastructure.

Pankratova, the group’s leader, and Degtyarenko, a primary hacker, have been implicated in a series of cyber-attacks that severely threaten public safety and national security.

Targeting Critical Infrastructure

Since 2022, CARR has been known for conducting low-impact, unsophisticated DDoS attacks in Ukraine and against entities in countries supporting Ukraine.

However, the group’s activities escalated in late 2023 when they began targeting industrial control systems of critical infrastructure in the U.S. and Europe.

These attacks included manipulating equipment at water supply, hydroelectric, wastewater, and energy facilities.

One notable incident occurred in January 2024, when CARR claimed responsibility for overflowing water storage tanks in Abernathy and Muleshoe, Texas.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

The group posted videos of their manipulation of human-machine interfaces at these facilities, resulting in the loss of tens of thousands of gallons of water.

Additionally, CARR compromised the SCADA system of a U.S. energy company, gaining control over alarms and pumps.

Despite these breaches, significant damage was avoided due to the group’s lack of technical sophistication.

Profiles of the Accused

Pankratova, also known as “YUliYA” online, is identified as the leader and spokesperson of CARR. She commands and controls the group’s operations, orchestrating various cyber-attacks.

Degtyarenko, known as “Dena” online, is a primary hacker within the group. He was responsible for compromising the SCADA system of a U.S. energy company and has developed training materials on how to breach such systems, potentially intending to distribute them to other malicious actors.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has designated Pankratova and Degtyarenko under Executive Order 13694, as amended.

This designation is for their involvement in cyber-enabled activities outside the United States that pose significant threats to national security, foreign policy, or economic stability.

Sanctions and Implications

As a result of this designation, all property and interests in property of the designated individuals within the U.S. or controlled by U.S. persons are blocked and must be reported to OFAC.

Furthermore, any entities owned 50 percent or more by these individuals are also blocked. U.S. persons are generally prohibited from engaging in transactions involving the property or interests of these designated individuals unless authorized by OFAC.

Financial institutions and other entities engaging in transactions with the sanctioned individuals may expose themselves to sanctions or enforcement actions. The prohibitions include providing or receiving funds, goods, or services to or from the designated persons.

OFAC emphasizes that the goal of sanctions is not punitive but to induce positive behavioral changes. The OFAC website provides detailed information and processes for those seeking removal from the sanctions list.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.