The recent actions taken by the United States against Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), have shed light on the growing threat posed by cyber operations targeting U.S. critical infrastructure. Pankratova, the leader of the group, and Degtyarenko, a primary hacker, have been implicated in a series of cyber-attacks that have raised concerns about public safety and national security.
CARR, known for its low-impact DDoS attacks in Ukraine and against entities supporting Ukraine, took a more aggressive approach in late 2023 by targeting industrial control systems of critical infrastructure in the U.S. and Europe. These attacks involved manipulating equipment at various facilities responsible for water supply, hydroelectric power, wastewater treatment, and energy production. One significant incident occurred in January 2024, when CARR caused water storage tanks in Abernathy and Muleshoe, Texas, to overflow, leading to the loss of tens of thousands of gallons of water.
The group also compromised the SCADA system of a U.S. energy company, gaining control over essential functions like alarms and pumps. Despite the potential for significant damage, the lack of technical sophistication prevented more severe consequences from occurring. Videos posted by CARR showing their manipulation of human-machine interfaces at these facilities highlighted the group’s disruptive capabilities.
Yuliya Vladimirovna Pankratova, also known as “YUliYA,” is the leader and spokesperson of CARR, overseeing and coordinating the group’s cyber-attacks. Denis Olegovich Degtyarenko, known as “Dena,” plays a crucial role as a primary hacker within the group and was responsible for the breach of the SCADA system of a U.S. energy company. Degtyarenko has also developed training materials on how to breach such systems, raising concerns about potential distribution to other malicious actors.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Pankratova and Degtyarenko under Executive Order 13694, as amended, due to their involvement in cyber-enabled activities that pose significant threats to national security, foreign policy, or economic stability. This designation blocks all property and interests in property of the designated individuals within the U.S. or controlled by U.S. persons and requires reporting to OFAC. Entities owned 50 percent or more by these individuals are also subject to blocking, with U.S. persons prohibited from engaging in transactions involving the designated individuals without authorization.
Financial institutions and other entities engaging in transactions with the sanctioned individuals may face sanctions or enforcement actions for providing or receiving funds, goods, or services to or from the designated persons. OFAC emphasizes that the goal of sanctions is not to punish but to induce positive behavioral changes, and it provides detailed information and processes on its website for those seeking removal from the sanctions list.
The actions taken by the United States against Pankratova and Degtyarenko underscore the seriousness of cyber threats targeting critical infrastructure and the need for robust cybersecurity measures to protect against such attacks. As technology continues to advance, the risks associated with cyber operations targeting essential systems are likely to increase, highlighting the importance of vigilance and proactive security measures to safeguard critical infrastructure from malicious actors.