The U.S. Department of Justice has unveiled a series of actions against two Russian state-supported cyber collectives, CARR (also known as CyberArmyofRussia_Reborn or CyberArmyofRussia) and NoName057(16), with prosecutors unsealing dual indictments against Ukrainian national Victoria Eduardovna Dubranova, 33. Dubranova, known online as “Vika,” “Tory,” and “SovaSonya,” is accused of participating in destructive campaigns against critical infrastructure worldwide on behalf of Russian geopolitical objectives.
Dubranova was extradited to the United States earlier in 2025 on charges tied to CARR, and she has now been arraigned on a second indictment connected to NoName057(16). She pleaded not guilty in both proceedings. Trial in the NoName057(16) case is scheduled for February 3, 2026, while the CARR case is set for April 7, 2026.
Russian Government Involvement
According to prosecutors, both CARR and NoName057(16) operated with direct or indirect support from Moscow. CARR allegedly received Russian government funding used to acquire cyber tools, including subscriptions to DDoS-for-hire services. NoName057(16) was described as a covert, state-blessed endeavor tied to the Center for the Study and Network Monitoring of the Youth Environment (CISM), an IT organization established in 2018 by presidential order in Russia. Employees of that organization reportedly helped build NoName057(16)’s proprietary DDoS software, known as DDoSia.
Assistant Attorney General for National Security John A. Eisenberg said the enforcement effort demonstrates the Department’s commitment “to disrupting malicious Russian cyber activity, whether conducted directly by state actors or their criminal proxies,” emphasizing the need to defend key resources such as food and water systems.
First Assistant U.S. Attorney Bill Essayli warned that state-aligned hacktivist groups, including CARR and NoName057(16), pose serious national security concerns because they enable foreign intelligence services to obscure their involvement by using civilian proxies.
FBI Cyber Division Assistant Director Brett Leatherman stated that the Bureau will continue exposing and pursuing pro-Russia actors, including those with ties to the GRU. EPA Acting Assistant Administrator Craig Pritzlaff added that targeting water systems presents immediate hazards, pledging continued pursuit of individuals who threaten public resources.
Cyber Army of Russia Reborn (CARR / CyberArmyofRussia)
According to the indictments, CARR, also known as Z-Pentest and linked to CyberArmyofRussia, was created, funded, and directed by Russia’s GRU. The group has claimed responsibility for hundreds of global cyberattacks, including intrusions into U.S. critical infrastructure. CARR regularly published evidence of its operations on Telegram, where it amassed more than 75,000 followers and reportedly consisted of over 100 members, some of whom were juveniles.
The group allegedly targeted industrial control systems and carried out widespread DDoS attacks. Victims included public drinking water systems in multiple U.S. states, where operational disruptions led to the release of hundreds of thousands of gallons of drinking water. In November 2024, CARR allegedly attacked a meat processing plant in Los Angeles, causing thousands of pounds of meat to spoil and triggering an ammonia leak. The group also targeted election infrastructure and websites linked to nuclear regulatory bodies.
A figure known as “Cyber_1ce_Killer,” associated with at least one GRU officer, allegedly advised CARR on target selection and financed access to cybercriminal services. Dubranova faces charges including conspiracy to damage protected computers, tampering with public water systems, damaging protected computers, access device fraud, and aggravated identity theft. The statutory maximum penalty is 27 years in federal prison.
NoName057(16)
The indictment describes NoName057(16) as a clandestine project involving CISM personnel and external cyber actors. The group conducted hundreds of DDoS attacks in support of Russian interests, using its proprietary tool DDoSia. Participants worldwide were encouraged to run DDoSia, with rankings published on Telegram and cryptocurrency rewards doled out to top performers.
Targets included government agencies, ports, rail systems, financial institutions, and other high-value operations. For Dubranova, the NoName057(16) indictment carries a single charge of conspiracy to damage protected computers, with a maximum penalty of five years.
The law enforcement actions form part of Operation Red Circus, with coordination from Europol’s Operation Eastwood. In July 2025, investigators across 19 countries disrupted more than 100 servers linked to NoName057(16). Authorities also arrested two members outside Russia, announced charges against five individuals, and conducted searches of two service providers and 22 group members. The FBI also suspended the group’s primary X account.
Rewards and Prior Sanctions
The State Department simultaneously announced rewards of up to $2 million for information on CARR / CyberArmyofRussia members and up to $10 million for intelligence on NoName057(16) actors. A Joint Cybersecurity Advisory released by multiple U.S. agencies warned that Russian-aligned hacktivist groups exploit insecure VNC connections to access critical operational technology devices, a tactic linked to physical damage in several incidents.
Federal action against CARR is longstanding. On July 19, 2024, the Treasury Department sanctioned Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko for cyber operations targeting U.S. infrastructure. Degtyarenko was accused of accessing a SCADA system belonging to a U.S. energy company and developing training materials on exploiting similar systems.
CARR’s attacks escalated in late 2023 and throughout 2024, including manipulations of unsecured industrial systems across water, hydroelectric, wastewater, and energy facilities in the U.S. and Europe. Water utilities in Indiana, New Jersey, and Texas were among the affected sites, with one town forced into manual operations. In January 2024, CARR published a video showing interference with human-machine interfaces at a U.S. water utility.
