**U.S. Charges Ukrainian National in Russian-Backed Cyberattacks on Critical Infrastructure**
A 33-year-old Ukrainian national, Victoria Eduardovna Dubranova (also known as Vika, Tory, and SovaSonya), has been charged by U.S. prosecutors for her alleged role in cyberattacks targeting global critical infrastructure, including U.S. water systems, election infrastructure, and nuclear facilities. Dubranova, extradited to the U.S. earlier this year, faces charges tied to her involvement with two Russian state-backed hacktivist groups: NoName057(16) and CyberArmyofRussia_Reborn (CARR).
Dubranova pleaded not guilty and is scheduled for trial in February 2026 (NoName case) and April 2026 (CARR case). If convicted, she could face up to 27 years for CARR-related offenses and 5 years for NoName charges.
NoName057(16): State-Sanctioned DDoS Attacks
NoName057(16), partially administered by Russian threat actors and the Center for the Study and Network Monitoring of the Youth Environment (CISM)—a Kremlin-linked IT organization—developed DDoSia, a custom DDoS tool. The group recruited volunteers to launch attacks against government agencies, financial institutions, and critical infrastructure, including railways and ports.
CARR: GRU-Backed Sabotage of U.S. Infrastructure
The Main Directorate of the Russian General Staff (GRU) founded, funded, and directed CARR, a pro-Russia hacktivist collective with over 75,000 Telegram followers and 100+ members, including teenagers. The group claimed responsibility for hundreds of cyberattacks, including:
- Public water systems in multiple U.S. states, causing industrial control failures and spilling hundreds of thousands of gallons of drinking water.
- A Los Angeles meat processing facility in November 2024, triggering an ammonia leak and spoiling thousands of pounds of meat.
- Nuclear regulatory entities and U.S. election infrastructure.
A GRU officer, operating under the alias Cyber_1ce_Killer, directed CARR’s leadership and financed its DDoS-for-hire operations.
U.S. Response & Global Warnings
The U.S. State Department has offered rewards of up to $2 million for information on CARR associates and $10 million for details on NoName-linked individuals. Additionally, CISA, the FBI, NSA, and international partners issued a joint advisory warning that pro-Russia hacktivist groups—including CARR, NoName, Z-Pentest, and Sector16—continue to target critical infrastructure, with potential for physical damage.
In July 2024, the U.S. Treasury’s OFAC sanctioned two CARR members: Denis Olegovich Degtyarenko (a primary hacker) and Yuliya Vladimirovna Pankratova (the group’s leader). The EPA’s Craig Pritzlaff emphasized that such attacks on water systems "endanger the American public" and will be met with legal consequences.
Texas Tech University - Critical Infrastructure Security Institute (CISI) cybersecurity rating report: https://www.rankiteo.com/company/ttu-cisi
"id": "TTU1765375614",
"linkid": "ttu-cisi",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'Water Supply',
'location': 'United States',
'name': 'U.S. Water Systems',
'type': 'Public Utility'},
{'industry': 'Food Processing',
'location': 'Los Angeles, United States',
'name': 'Los Angeles Meat Processing Facility',
'type': 'Private Company'},
{'industry': 'Elections',
'location': 'United States',
'name': 'U.S. Election Infrastructure',
'type': 'Government'},
{'industry': 'Nuclear Regulation',
'location': 'United States',
'name': 'Nuclear Regulatory Entities',
'type': 'Government'},
{'industry': 'Various',
'location': 'Global',
'name': 'Government Agencies',
'type': 'Government'},
{'industry': 'Finance',
'location': 'Global',
'name': 'Financial Institutions',
'type': 'Private Sector'},
{'industry': 'Transportation',
'location': 'Global',
'name': 'Railways and Ports',
'type': 'Public/Private'}],
'attack_vector': ['DDoSia (Custom DDoS Tool)',
'Telegram Coordination',
'Distributed Denial-of-Service-for-Hire Services'],
'date_publicly_disclosed': '2024-10-08',
'description': 'U.S. prosecutors have charged a Ukrainian national, Victoria '
'Eduardovna Dubranova, for her role in cyberattacks targeting '
'critical infrastructure worldwide, including U.S. water '
'systems, election systems, and nuclear facilities, on behalf '
'of Russian state-backed hacktivist groups NoName057(16) and '
'CyberArmyofRussia_Reborn (CARR).',
'impact': {'operational_impact': ['Spillage of Hundreds of Thousands of '
'Gallons of Drinking Water',
'Ammonia Leak at Meat Processing Facility',
'Spoilage of Thousands of Pounds of Meat'],
'systems_affected': ['Water Systems',
'Election Infrastructure',
'Nuclear Regulatory Entities',
'Meat Processing Facilities']},
'initial_access_broker': {'high_value_targets': ['Water Systems',
'Election Infrastructure',
'Nuclear Facilities']},
'investigation_status': 'Ongoing (Trial Scheduled for February 2026 and April '
'2026)',
'motivation': ['State-Sanctioned Cyber Warfare',
'Disruption of Critical Infrastructure',
'Political Influence'],
'post_incident_analysis': {'root_causes': ['State-Backed Cyber Warfare',
'Lack of Robust Critical '
'Infrastructure Protections']},
'references': [{'source': 'U.S. Justice Department'},
{'source': 'Environmental Protection Agency (EPA)'},
{'source': 'U.S. State Department'},
{'source': 'CISA Joint Advisory'},
{'source': 'U.S. Treasury Department (OFAC)'}],
'regulatory_compliance': {'legal_actions': ['Criminal Charges',
'OFAC Sanctions'],
'regulations_violated': ['U.S. Critical '
'Infrastructure Protection '
'Laws'],
'regulatory_notifications': ['EPA Statement',
'CISA Advisory',
'U.S. State Department '
'Rewards']},
'response': {'law_enforcement_notified': True},
'stakeholder_advisories': 'CISA, FBI, NSA, and international agencies have '
'issued warnings about pro-Russia hacktivist groups '
'targeting critical infrastructure.',
'threat_actor': ['NoName057(16)',
'CyberArmyofRussia_Reborn (CARR)',
'GRU (Russian Military Intelligence)'],
'title': 'Charges Against Ukrainian National for Cyberattacks on U.S. '
'Critical Infrastructure by Russian State-Backed Hacktivist Groups',
'type': ['DDoS', 'Cyberattack on Industrial Controls', 'Data Breach']}