US Sanctions Russian Hackers Over Infrastructure Attacks


US Treasury sanctions two members of Russian hacking group over critical infrastructure attacks as hacktivists threaten Olympics

The US Treasury has imposed sanctions on two members of a pro-Russia hacking group it said was responsible for attacks on US critical infrastructure.

The Treasury said Yuliya Vladimirovna Pankratova was the leader of hacktivist group Cyber Army of Russia Reborn (CARR), while Denis Olegovich Degtyarenko was the group’s primary hacker.

CARR has conducted cyber-attacks in Ukraine and against countries and companies that support it amidst the ongoing conflict there.

Those attacks include incidents involving US critical infrastructure, as well as other attacks involving the industrial control systems of water supply, hydroelectric, wastewater, and energy facilities in the US and Europe.

Yuliya Pankratova and Denis Degtyarenko of Cyber Army of Russia Reborn. Image credit: US Treasury Department

Infrastructure attacks

“CARR and its members’ efforts to target our critical infrastructure represent an unacceptable threat to our citizens and our communities, with potentially dangerous consequences,” said undersecretary of the Treasury for terrorism and financial intelligence Brian E. Nelson.

The official designation means property or organisations belonging to the two are frozen and must be reported to the Treasury, while financial institutions that engage in transactions with the two may expose themselves to sanctions.

The official exposure of the identities of Pankratova and Degtyarenko also creates an inconvenience for them and could expose them to risks.

In January CARR claimed responsibility for the overflow of water storage tanks in Abernathy and Muleshoe, Texas, manipulating human-machine interfaces to cause the loss of tens of thousands of gallons of water.

The group also compromised the supervisory control and data acquisition (SCADA) system of a US energy company, giving them control of the alarms and pumps for tanks in that system.

‘Lack of technical sophistication’

“Despite CARR briefly gaining control of these industrial control systems, instances of major damage to victims have thus far been avoided due to CARR’s lack of technical sophistication,” the Treasury said.

In May the Treasury similarly sanctioned and exposed the identity of Dmitry Khoroshev, who it said was the leader of the LockBit ransomware gang.

Law enforcement agencies seized the group’s cyber-infrastructure in February, contributing to a major dip in ransomware incidents for the first quarter, security experts have said.

CARR is one of the pro-Russia hacktivist groups expected to pose a major cyber-threat to the Paris Olympic Games opening on Friday.