The US Department of Treasury on Friday announced sanctions against two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their involvement in cyberattacks targeting the nation’s critical infrastructure.
The two individuals, Yuliya Vladimirovna Pankratova (Pankratova) and Denis Olegovich Degtyarenko (Degtyarenko), were designated as the group’s leader and a primary hacker, respectively.
Also known as Cyber Army of Russia, CARR in 2022 launched distributed denial-of-service (DDoS) attacks against Ukraine and countries supporting it, and in 2023 started claiming responsibility for intrusions at US and European critical infrastructure entities.
“Using various unsophisticated techniques, CARR has been responsible for manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the US and Europe,” the US Treasury says.
Earlier this year, CARR posted videos showing their ability to manipulate human-machine interfaces (HMIs) at water utilities in the US and Poland, and a video showing that it disrupted operations at a hydroelectric facility in France.
According to the US Treasury, CARR’s compromise of industrial control systems at water storage tanks in Abernathy and Muleshoe, Texas, “resulted in the loss of tens of thousands of gallons of water”.
CARR, the US says, also compromised the supervisory control and data acquisition (SCADA) system of an energy company in the US, gaining control of alarms and pumps for tanks, but did not cause major damage due to the group’s “lack of technical sophistication”.
Pankratova, also known as YUliYA, commands and controls CARR’s operations and has acted as the group’s spokesperson.
Degtyarenko, also known as Dena, is a primary hacker for CARR who is responsible for compromising the US energy company’s SCADA system.
“In early May 2024, Degtyarenko developed training materials on how to compromise SCADA systems and was possibly looking to distribute the materials to external groups,” US Treasury says.
The two individuals’ activities, aimed at compromising the critical infrastructure sector, pose a threat to the national security, foreign policy, and financial stability of the US, the Treasury says.
As result of the sanctions, all US properties the two own or have interest in, as well as entities in which they own at least 50% are now blocked. All US entities are now prohibited from making transactions with Pankratova and Degtyarenko.
Related: US Announces Charges, Reward for Russian National Behind Wiper Attacks on Ukraine
Related: US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft
Related: Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions
Related: Crypto Firms Say US Sanctions Limit Use of Privacy Software
