A Ukrainian national, Victoria Eduardovna Dubranova, has been charged in federal court for her alleged involvement in cyberattacks against critical infrastructure worldwide, including targets in the United States. The indictments, unsealed in Los Angeles, accuse Dubranova of supporting two Russian-linked hacking groups: CyberArmyofRussia_Reborn (CARR) and NoName057(16) (NoName).
Dubranova was extradited to the U.S. earlier this year on charges related to CARR and pleaded not guilty at her arraignment. She faces a separate indictment for actions tied to NoName and has also pleaded not guilty in that case. A trial date is set for February 3, 2026.
According to the indictments, both CARR and NoName received backing from the Russian government. This support included financial resources used by CARR to purchase cybercriminal services such as distributed denial of service (DDoS)-for-hire tools. NoName operated as a state-sanctioned project managed partly by an information technology organization established by order of the President of Russia in 2018.
“Politically motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security, particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and U.S. interests abroad,” said First Assistant United States Attorney Bill Essayli. “The charges announced today demonstrate our commitment to eradicating global threats to cybersecurity and pursuing malicious cyber actors working on behalf of adversarial foreign interests.”
Assistant Attorney General for National Security John A. Eisenberg stated: “Today’s actions demonstrate the Department’s commitment to disrupting malicious Russian cyber activity — whether conducted directly by state actors or their criminal proxies — aimed at furthering Russia’s geopolitical interests. We remain steadfast in defending essential services, including food and water systems Americans rely on each day, and holding accountable those who seek to undermine them.”
“When pro-Russia hacktivist groups target our infrastructure, the FBI will use all available tools to expose their activity and hold them accountable,” said Assistant Director Brett Leatherman of FBI’s Cyber Division. “Today’s announcement demonstrates the FBI’s commitment to disrupt Russian state-sponsored cyber threats, including reckless criminal groups supported by the GRU. The FBI doesn’t just track cyber adversaries—we work with global partners to bring them to justice.”
Craig Pritzlaff from the Environmental Protection Agency commented: “The defendant’s illegal actions to tamper with the nation’s public water systems put communities and the nation’s drinking water resources at risk… EPA is unwavering in its commitment to clean, safe water for all Americans.”
Akil Davis from the FBI Los Angeles Field Office added: “Pro-Russia cybercriminal groups such as CARR and NoName057(16) have been emboldened to target the critical infrastructure of the United States and NATO allies… Today’s announcement underscores the FBI’s priorities and capabilities in countering cyber threats and demonstrates the FBI’s dedication to working with foreign partners to protect victims worldwide.”
CARR was allegedly founded under direction from Russia’s military intelligence agency (GRU), claiming responsibility for hundreds of attacks globally through social media posts showing evidence of these operations. Targets included industrial control facilities across several U.S. states; one attack reportedly caused damage leading to significant spills from public drinking water systems.
In November 2024, CARR attacked a meat processing facility in Los Angeles resulting in spoiled products and an ammonia leak. Other reported targets were election infrastructure during U.S elections and websites related to nuclear regulatory bodies.
The indictment against Dubranova linked with CARR includes charges such as conspiracy involving protected computers and tampering with public water systems; if convicted she could face up to 27 years imprisonment.
NoName057(16), according to prosecutors, was composed partly of employees from a Russian IT group tasked with monitoring internet safety for youth but also engaged internationally in DDoS attacks using proprietary software called DDoSia. Victims included government agencies as well as transportation networks like railways and ports.
Law enforcement agencies coordinated efforts under Operation Red Circus along with Europol’s Operation Eastwood—actions that led authorities across 19 countries—including Germany, Netherlands, Spain, Switzerland, Sweden, France—and others—to disrupt over 100 servers supporting these activities last July.
Concurrent measures include reward offers by the State Department for information about members involved with either group—upwards of $2 million regarding CARR associates or $10 million concerning those linked with NoName—as well as advisories warning about risks posed by minimally secured network connections within critical infrastructure environments.
On July 19th last year sanctions were imposed against two key members of CARR following findings they had roles leading or executing attacks on U.S infrastructure.
These cases are being prosecuted by attorneys Angela Makabali and Alexander Gorin from the National Security Division alongside Greg Nicosia from Justice Department’s National Security Cyber Section; forfeiture matters are handled by James E. Dochterman.
All defendants are presumed innocent until proven guilty beyond reasonable doubt.
