Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups

LOS ANGELES – A Ukrainian national has been federally charged with participating in dozens of cyberattacks and computer intrusions against critical infrastructure and other victims around the world, in support of Russia’s geopolitical interests, the Justice Department announced today.

The two indictments against Victoria Eduardovna Dubranova, 33, a.k.a. “Vika,” a.k.a. “Tory,” a.k.a. “SovaSonya,” were unsealed today in United States District Court in Los Angeles. Dubranova was extradited to the United States earlier this year on an indictment charging her for her actions supporting CyberArmyofRussia_Reborn (CARR).

Dubranova was arraigned today on a second indictment charging her for her actions supporting NoName057(16) (NoName). Dubranova has pleaded not guilty in both cases. Dubranova pleaded not guilty today at her arraignment and a February 3, 2026 trial date was scheduled in that case.

As described in the indictments, the Russian government backed CARR and NoName by providing, among other things, financial support. CARR used this financial support to access various cybercriminal services, including subscriptions to distributed denial of service-for-hire services. NoName was a state-sanctioned project administered   in part by an information technology organization established by order of the President of Russia in October 2018 that developed, along with other co-conspirators, NoName’s proprietary distributed denial of service (DDoS) program.

“Politically motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security, particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and U.S. interests abroad,” said First Assistant United States Attorney Bill Essayli. “The charges announced today demonstrate our commitment to eradicating global threats to cybersecurity and pursuing malicious cyber actors working on behalf of adversarial foreign interests.”

“Today’s actions demonstrate the Department’s commitment to disrupting malicious Russian cyber activity — whether conducted directly by state actors or their criminal proxies — aimed at furthering Russia’s geopolitical interests,” said Assistant Attorney General for National Security John A. Eisenberg. “We remain steadfast in defending essential services, including food and water systems Americans rely on each day, and holding accountable those who seek to undermine them.”

“When pro-Russia hacktivist groups target our infrastructure, the FBI will use all available tools to expose their activity and hold them accountable,” said Assistant Director Brett Leatherman of FBI’s Cyber Division. “Today’s announcement demonstrates the FBI’s commitment to disrupt Russian state-sponsored cyber threats, including reckless criminal groups supported by the GRU. The FBI doesn’t just track cyber adversaries—we work with global partners to bring them to justice.”

“The defendant’s illegal actions to tamper with the nation’s public water systems put communities and the nation’s drinking water resources at risk,” said U.S. Environmental Protection Agency Acting Assistant Administrator for Enforcement and Compliance Assurance Craig Pritzlaff. “These criminal charges serve as an unequivocal warning to malicious cyber actors in the U.S. and abroad: EPA’s Criminal Investigation Division and our law enforcement partners will not tolerate threats to our nation’s water infrastructure and will pursue justice against those who endanger the American public. EPA is unwavering in its commitment to clean, safe water for all Americans.”

“The FBI continues to relentlessly pursue cybercriminal groups,” said Akil Davis, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “Pro-Russia cybercriminal groups such as CARR and NoName057(16) have been emboldened to target the critical infrastructure of the United States and NATO allies, including U.S. elections, public water systems, and other government and financial institutions. Today’s announcement underscores the FBI’s priorities and capabilities in countering cyber threats and demonstrates the FBI’s dedication to working with foreign partners to protect victims worldwide.”

          Cyber Army of Russia Reborn

According to the indictment, CARR, also known as Z-Pentest, was founded, funded, and directed by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). CARR claimed credit for hundreds of cyberattacks against victims worldwide, including attacks against critical infrastructure in the United States, in support of Russia’s geopolitical interests.

CARR regularly posted on Telegram claiming credit for its attacks and published photos and videos depicting its attacks. CARR primarily hacked industrial control facilities and conducted DDoS attacks. CARR’s victims included public drinking water systems across several states in the U.S., resulting in damage to controls and the spilling of hundreds of thousands of gallons of drinking water.

CARR also attacked a meat processing facility in Los Angeles in November 2024, spoiling thousands of pounds of meat and triggering an ammonia leak in the facility. CARR has attacked U.S. election infrastructure during U.S. elections, and websites for U.S. nuclear regulatory entities, among other sensitive targets.

An individual operating as “Cyber_1ce_Killer,” a moniker associated with at least one GRU officer instructed CARR leadership on what kinds of victims CARR should target, and his organization financed CARR’s access to various cybercriminal services, including subscriptions to DDoS-for-hire services. At times, CARR had more than 100 members, including juveniles, and more than 75,000 followers on Telegram.

The CARR indictment charges Dubranova with one count of conspiracy to damage protected computers and tamper with public water systems, one count of damaging protected computers, one count of access device fraud, and one count of aggravated identity theft. If convicted of these charges, Dubranova would face a statutory maximum sentence of 27 years in federal prison. She is scheduled to go to trial on April 7, 2026 in this case.

          NoName057(16)

NoName was covert project whose membership included multiple employees of The Center for the Study and Network Monitoring of the Youth Environment (CISM), among other cyber actors. CISM was an information technology organization established by order of the President of Russia in October 2018 that purported to, among other things, monitor the safety of the internet for Russian youth.

According to the indictment, NoName claimed credit for hundreds of cyberattacks against victims worldwide in support of Russia’s geopolitical interests. NoName regularly posted on Telegram claiming credit for its attacks and published proof of victim websites being taken offline. The group primarily conducted DDoS cyberattacks using their own proprietary DDoS tool, DDoSia, which relied on network infrastructure around the world created by employees of CISM.

NoName’s victims included government agencies, financial institutions, and critical infrastructure, such as public railways and ports. NoName recruited volunteers from around the world to download DDoSia and used their computers to launch DDoS attacks on the victims that NoName leaders selected. NoName also published a daily leaderboard of volunteers who launched the most DDoS attacks on its Telegram channel and paid top-ranking volunteers in cryptocurrency for their attacks.

The indictment charges Dubranova with one count of conspiracy to damage protected computers. If convicted of this charge, Dubranova would face a statutory maximum sentence of five years in federal prison.

The law enforcement takedown against NoName is part of Operation Red Circus, and has been executed in coordination with a Europol operation, Operation Eastwood, which is aimed at disrupting NoName. As part of these ongoing operations, law enforcement in 19 countries, including Germany’s Bundeskriminalamt (BKA), the Netherlands National Police, the Spanish National Police, the Swiss Federal Police, the Swedish Polismyndigheten, and the French Gendarmerie Nationale, alongside the FBI, disrupted more than 100 servers around the world, including virtual servers hosted in the United States, in July 2025. Resulting from their own independent investigations, foreign law enforcement also publicly announced charges against five NoName actors, arrested two NoName actors outside of Russia, and executed searches of 22 NoName members and 2 service providers worldwide. The FBI also suspended NoName’s main X account, which played a key role in the group’s public messaging campaign.

Concurrent with today’s actions, the U.S. Department of State has offered potential rewards for up to $2 million for information on individuals associated with CARR and up to $10 million for information on individuals associated with NoName. Additionally, today the FBI, CISA, NSA, DOE, EPA, and DC3 issued a Joint Cybersecurity Advisory assessing that pro-Russia hacktivist groups, like CARR and NoName, target minimally secured, internet-facing virtual network computing connections to infiltrate (or gain access to) operational technology control devices within critical infrastructure systems to execute attacks against critical infrastructure, resulting in varying degrees of impact, including physical damage.

On July 19, 2024, U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions targeting two CARR members, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, for their roles in cyber operations against U.S. critical infrastructure. These two individuals were the group’s leader and a primary hacker, respectively. 

The FBI Los Angeles Field Office investigated the CARR and NoName cases as part of FBI’s Operation Red Circus, an ongoing operation to disrupt Russian state-sponsored cyberthreats to U.S. critical infrastructure and interests abroad.

Assistant United States Attorneys Angela Makabali and Alexander Gorin of the National Security Division, and Trial Attorney Greg Nicosia of the Justice Department’s National Security Cyber Section are prosecuting these cases. Assistant United States Attorney James E. Dochterman of the Asset Forfeiture and Recovery Section is handling the forfeiture cases.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.