A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was extradited to the US earlier this year and will stand trial in early 2026.

Late Tuesday, the US Justice Department announced charges against Victoria Eduardovna Dubranova, 33, who the feds say was involved in two pro-Russia hacktivist groups, CyberArmyofRussia_Reborn (CARR) and NoName057(16). She has pleaded not guilty and is scheduled to begin trial in the NoName matter on February 3, and in the CARR matter on April 7.

Dubranova is a “pro-Russian hacktivist and administrator linked to malicious cyber attacks directed by the Russian GRU and the Russian presidential administration,” FBI cyber division assistant director Brett Leatherman told reporters on Thursday.

CARR, whose victims include public drinking water systems across multiple US states and a meat processing facility in Los Angeles, is known for hacking industrial control systems and conducting distributed-denial-of-service attacks (DDoS) against critical infrastructure websites.

CARR’s ties to Russia’s GRU

In the case of the LA meat processor attack in November 2024, the digital intrusion caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility, and caused more than $5,000 in damages, according to court documents [PDF]. US officials said the public drinking water system intrusions damaged controls and spilled “hundreds of thousands of gallons of drinking water.”

The hacktivist crew has bragged about DDoSing hundreds of victims worldwide, and the US government has blamed CARR for attacking election infrastructure and websites for US nuclear regulatory entities.

An individual using the monikers “Cyber_1ce_Killer” and “Commander,” who is allegedly associated with at least one Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) officer, is also charged in the indictment.

“Defendants and co-conspirators believed that defendant CYBER_ICE was at all relevant times a Russian government agent and the defendant worked for the Federal Security Service of the Russian Federation (FSB),” the court documents say.

According to the feds, the GRU financed CARR’s access to various cybercriminal services, including subscriptions to DDoS-for-hire services.

The CARR indictment charges Dubranova with one count of conspiracy to damage protected computers and tamper with public water systems, one count of damaging protected computers, one count of access device fraud, and one count of aggravated identity theft.

If convicted of these charges, Dubranova would face a statutory maximum penalty of 27 years in federal prison.

The US previously sanctioned two other CARR members.

NoName, another DDoS nuisance

NoName’s victims included government agencies, financial institutions, and critical infrastructure, including public railways and ports, according to the indictment [PDF].

Prosecutors say this crew recruited volunteers from around the world to download DDoSia, its proprietary tool for network-traffic-flooding attacks, and used their computers to DDoS victims. NoName also allegedly published a daily leaderboard on its Telegram channel ranking volunteers by number of attacks, and paid top participants in cryptocurrency.

Over the summer, international cops shut down more than 100 servers used by NoName057(16) as part of the Europol-led Operation Eastwood.

The NoName indictment charges Dubranova with one count of conspiracy to damage protected computers. If convicted of this charge, Dubranova would face a statutory maximum penalty of five years in federal prison.

“While these attacks may be relatively unsophisticated, they pose real risk to our water systems, food supply and energy sectors,” Leatherman said on Thursday. “Both hacktivist groups have direct ties to the Russian government, and recruit members worldwide to facilitate attacks that further Russian geopolitical goals.”

Today’s indictment, according to Google, confirms its threat hunters’ earlier assessment of ties between CARR and the GRU.

“CARR carried out cyberattacks on US and European critical infrastructure but hid behind this false persona,” John Hultquist, chief analyst at Google Threat Intelligence Group, told The Register.

“The GRU is increasingly leaning into willing accomplices to hide their own hand in destabilizing physical and cyber attacks in Europe and the US,” he said. “It is important that we never take an adversary’s word for it when they tell us who they are. They regularly lie.”

In addition to announcing the charges against Dubranova and co-conspirators, the US State Department offered potential rewards of up to $2 million for information on individuals associated with CARR and up to $10 million for information on individuals associated with NoName.

Plus, several US government agencies – including the FBI, National Security Agency, Department of Energy, Environmental Protection Agency, and the US Cybersecurity and Infrastructure Agency (CISA) – along with more than 20 international partners, issued guidance for operational technology (OT) owners and operators on how to secure their critical networks against attacks by these and other pro-Russian hacktivist groups.

“The single most important thing people can do to protect themselves is to reduce the number of OT devices exposed to the public-facing internet,” CISA’s Chris Butera told reporters.

These attacks are typically opportunistic, with hacktivist crews scanning VPNs and remote-access tools connected to OT devices, he added.

“This broad, indiscriminate approach has been used across multiple sectors, from water treatment facilities to oil well systems, often using easily repeatable and unsophisticated methods,” Butera said. “The cumulative impact of this malicious cyber activity poses a persistent and disruptive threat to critical services.”

It also means even small utilities and providers are at risk.

“We see small organizations – whether they’re municipal, critical infrastructure or just small mom and pop shops – that operate through a security mindset where ‘we’re too small to be targeted by foreign actors,’” Leatherman said. “But in today’s environment, automated scanning provides a very effective way of identifying vulnerable infrastructure.” ®

