Two Russians sanctioned over attacks on US critical infrastructure


Illustration: Supimol Kumying | Shutterstock

Two Russian individuals, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, who the US government has named the leader and primary hacker of the Cyber Army of Russia Reborn (CARR) hacktivist group, respectively, have been sanctioned for targeting US critical infrastructure.

CARR was founded in 2022, and the US Treasury’s announcement of the sanctions describes its activity as “low-impact, unsophisticated DDoS attacks” in Ukraine and its supporting countries. Starting in late 2023, however, CARR has been claiming attacks on the industrial control systems of multiple US and European critical infrastructure targets.

More recently, in January 2024, CARR claimed responsibility for overflowing water storage tanks in Abernathy and Muleshoe, Texas, resulting in the loss of “tens of thousands of gallons of water.” The hacktivist group also targeted an unnamed US company’s supervisory control and data acquisition (SCADA) systems, taking over the alarms and pumps for tanks in said system. However, due to their “lack of technical sophistication”, no major damage has been done yet.

As is the case with sanctions, the OFAC’s regulations generally prohibit all transactions by US persons or within the US that involve any property or interests in property of designated or otherwise blocked persons. You can’t do business with the pair.

Another interesting point about CARR’s claimed attacks is the Mandiant report, which attributed the aforementioned attacks to Sandworm, a cybercrime group associated with Russia’s military intelligence agency GRU. According to Mandiant, CARR was just one of the many fronts Sandworm used to publicise its attacks. This distinction, however, hasn’t been made in Pankratova and Degtyarenko’s designation on the sanction list.

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
