US sanctions two members of Russian ‘Cyber Army’ hacktivist group

Avatar

The U.S. has imposed sanctions on two members of the Russian government-aligned hacktivist group known as the Cyber Army of Russia Reborn (CARR).

The group’s leader, Yuliya Pankratova, and its primary hacker, Denis Degtyarenko, are suspected of carrying out cyber operations against U.S. critical infrastructure, according to a statement by the Treasury Department on Friday.

Pankratova, also known by the online alias YUliYA, is a Russian cybercriminal accused of overseeing the Cyber Army’s operations and acted as the group’s spokesperson.

Degtyarenko, who goes by Dena online, was allegedly behind the compromise of a U.S. energy company. In early May 2024, Degtyarenko developed training materials on how to compromise supervisory control and data acquisition (SCADA) systems — which are used in industrial operations — and was possibly looking to distribute the materials to external groups.

As a result of the sanctions, any property in the U.S. belonging to the suspects could be seized, and citizens are forbidden from doing business with them.

Since 2022, the Cyber Army of Russia Reborn has conducted low-impact, unsophisticated distributed denial-of-service (DDoS) attacks in Ukraine and against its allies. In late 2023, the group claimed to have attacked the industrial control systems of multiple U.S. and European critical infrastructure targets.

“Using various unsophisticated techniques, CARR has been responsible for manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe,” the Treasury said.

In January 2024, for example, the group claimed responsibility for the overflow of water storage tanks in Abernathy and Muleshoe, Texas, posting a video of the manipulation of human-machine interfaces at each facility on a public forum. The compromise of the industrial control systems resulted in the loss of tens of thousands of gallons of water.

In addition, CARR compromised the SCADA system of a U.S. energy company, giving them control over alarms and pumps for tanks.

“Despite CARR briefly gaining control of these industrial control systems, instances of major damage to victims have thus far been avoided due to CARR’s lack of technical sophistication,” the Treasury said.

Russia has reportedly been using so-called hacktivists to deflect blame for the Kremlin’s attacks on Ukraine and its allies. However, researchers have previously reported that many Russian hacktivist collectives are affiliated with or directly controlled by well-known Russian state-sponsored groups.

Google-owned Mandiant reported in April that CARR has a close operational relationship with Sandworm.

NewsGovernmentCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Teenage suspect in MGM Resorts hack arrested in Britain

Next Post

Two Lockbit affiliates from Russia plead guilty in US court

Related Posts

Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event. The activity has been pinned on an entity that's known as Emennet Pasargad, which the agencies said has been operating
Avatar
Read More