The United States has announced sanctions against Yulia Volodymyrivna Pankratova and Denys Olegovich Degtyarenko, the leader and chief hacker of the Russian hacking group Cyber Army of Russia Reborn (CARR), for their involvement in cyber operations against critical US infrastructure.
Pankratova, known online as YUliYA, is the leader of CARR and is responsible for command and control of the group’s operations. Degtyarenko, also known as Dena, is the group’s top hacker and is responsible for compromising the SCADA system of a US power company. They used simple techniques to manipulate industrial control systems at water, hydroelectric, sewage, and energy facilities in the United States and Europe. Despite the low level of technology, the CARR group has repeatedly caused damage to infrastructure, including overflowing reservoirs in Texas and controlling the control systems of oil and gas facilities.
The sanctions provide for the blocking of all property of Pankratova and Degtyarenko in the United States or under the control of American persons. All transactions by US citizens with these individuals without special authorizations are also prohibited. According to Brian E. Nelson, US Treasury Under Secretary for Terrorism and Financial Intelligence, the US will continue to use all available tools to prosecute malicious cyber activity.
Since the beginning of 2022, the CARR group has carried out attacks on government and private structures supporting Ukraine. They used DDoS attacks and manipulated industrial control systems, causing water losses and control of oil and gas facilities in the US. Previous US actions against Russian cybercriminals have included sanctions against leaders of the LockBit group and other hackers responsible for attacks on critical infrastructure.