US sanctions Russian hacktivists who breached water facilities

The US government has imposed sanctions on two Russian cybercriminals for cyberattacks targeting critical infrastructure.

According to a US Treasury press release, the two sanctioned persons are Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, both key members of the Russia-aligned hacktivist group Cyber Army of Russia Reborn (CARR).

Pankratova, known online as 'YuliYA,' is allegedly the leader of CARR, controlling the threat group's operators and acting as their spokesperson.

Degtyarenko, aka 'Dena,' allegedly acts as CARR's primary hacker, carrying out the attacks and creating training materials for others.

CARR launched its operations in 2022 using distributed denial of service (DDoS) attacks targeting Ukraine and countries supporting it.

By late 2023, the threat group escalated its operations, targeting industrial systems at critical infrastructure sites, including water treatment and energy facilities in the US and Europe.

In January 2024, CARR claimed responsibility for compromising the SCADA system of a US energy firm and manipulating a water storage unit in Texas, posting video proof of their access to the related systems.

Though CARR did not manage to cause major damage during those incidents, the risk that arises from their activities is high enough to guarantee legal action.

"CARR and its members' efforts to target our critical infrastructure represent an unacceptable threat to our citizens and our communities, with potentially dangerous consequences," stated Treasury's Under Secretary for Terrorism, Brian E. Nelson.

"The United States has and will continue to take action, using our full range of tools, to hold accountable these and other individuals for their malicious cyber activities."

As a result of the announced sanctions, US-based property and interests for the designated individuals are essentially blocked.

Additionally, US persons are prohibited from performing transactions with the two hacktivists, while any financial institutions engaging with them may face sanctions or fines.

Sanctions against individuals in countries without US extradition agreements can still effectively isolate and pressure them, disrupt their cybercrime activities, and deter other hackers from engaging with them.

The US Treasury mentions the example of Dmitry Khoroshev, the leader of the LockBit ransomware operation, sanctioned in May 2024, as well as Aleksandr Gennadievich Ermakov, a Russian national and a member of the REvil ransomware group, sanctioned in January 2024.

A similar approach was taken in March 2024 against Zhao Guangzong and Ni Gaobin, Chinese state-sponsored hackers of the APT31 threat group.