Two Russian hackers who allegedly engaged in cyber attacks against critical infrastructure in the United States were sanctioned on July 19 by the Treasury Department. The Russian nationals, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, are alleged to be the leader and primary hacker, respectively, of the Cyber Army of Russia Reborn (CARR) group, according to a statement from the department.
Ms. Pankratova allegedly commands and controls CARR operations and has acted as the group’s spokesperson. Mr. Degtyarenko was allegedly behind the compromise of a control system in a U.S. energy company, giving the group control over the alarms and pumps for tanks in that system.
The sanctions mean that the two alleged hackers are now blocked from accessing any property they own in the United States. In addition, financial institutions and individuals that engage in transactions with them could be subject to enforcement actions, the Treasury noted.
Since 2022, CARR has carried out hacking attacks in Ukraine and against governments and firms in nations that support Ukraine. The group began targeting U.S. and European critical infrastructure in late 2023, manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in these regions.
In January, CARR claimed responsibility for the overflow of water storage tanks at two locations in Texas. That led to the loss of tens of thousands of gallons of water, according to the Treasury.
Even though CARR gained authority over industrial control systems for a brief period, incidents of major damage to victims were avoided, as the group lacked technical sophistication, the department stated.
“CARR members’ efforts to target our critical infrastructure represent an unacceptable threat to citizens and communities, with potentially dangerous consequences,” Undersecretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said.
“The United States will continue to take action, using the full range of tools, to hold accountable individuals for malicious cyber activities.”
A Russian national and a dual Canadian and Russian national recently pleaded guilty in the United States to taking part in a ransomware group.
“The defendants committed ransomware attacks against victims in the United States and around the world through LockBit, one of the destructive ransomware groups in the world,” Principal Deputy Assistant Attorney General Nicole M. Argentieri said in a July 18 statement.
LockBit attacked 1,800 victims in the United States, including individuals, hospitals, schools, nonprofits, critical infrastructure, multinational corporations, small businesses, and law enforcement agencies.
Three hackers from the NoName057 group, which targets public institutions and companies in pro-Ukraine nations, were recently arrested in Spain, the Spanish Ministry of the Interior announced.
Cyber Threat to the United States
The sanctions and arrests follow warnings from security experts that critical U.S. infrastructure, communication networks, and energy supplies face a growing threat from cybercriminals.
In May, Director of National Intelligence Avril Haines told lawmakers at a hearing of the Senate Armed Services Committee that malicious actors preparing for a major attack had ramped up attacks on critical infrastructure.
She said the number of cyberattacks rose 74 percent globally last year, with many attacks targeting U.S. health care and industrial control systems.
“Cyber actors are attacking U.S. industrial control systems, typically used to automate industrial processes, at record levels,” Ms. Haines said. “These actors put a premium on preparing offensive capability in peacetime, in part by preemptively planting footholds in our infrastructure.”
In December, multiple federal agencies warned that hackers linked to Iran were targeting water systems and industries in the U.S. that made use of certain tech components made by an Israeli firm.
Affected industries included energy, food, and beverage manufacturing. One Iran-linked hacking group targeted the Municipal Water Authority of Aliquippa, Pennsylvania, in November 2023.
Among international players, China remains a key cyber adversary of the United States. In a February joint advisory, multiple intelligence agencies warned that Chinese state-sponsored cyber actors are “seeking to preposition on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.”