US charges Ukrainian woman for her alleged role in Russia-backed cyberattacks

By Sean Lyngaas, CNN

(CNN) — The US has indicted a Ukrainian woman for her alleged involvement with Russia-backed cybercriminal groups that have caused disruptions at American water and meat processing facilities, the Justice Department has said.

The case against Victoria Dubranova, 33, who was extradited to the US earlier this year and pleaded not guilty in court on Tuesday, is a counterpunch from US law enforcement following years of cyberattacks on US victims from two shadowy groups of hackers that gained notoriety following Russia’s full-scale invasion of Ukraine in 2022.

One of the groups, known as the Cyber Army of Russia Reborn (CARR), has claimed responsibility for hundreds of cyberattacks worldwide, including a hack in January 2024 in the town of Muleshoe, Texas, that wasted tens of thousands of gallons of water. Another attack by the group spoiled thousands of pounds of meat at a processing facility in Los Angeles in November 2024, causing an ammonia leak, the Justice Department said.

The groups have forced water plant managers in small towns in the US to confront opportunistic attacks from hackers supportive of Russian President Vladimir Putin’s war in Ukraine.

US prosecutors allege that Russia’s GRU intelligence agency founded and funded CARR. The other hacking group, called NoName057, drew from members of an IT organization established by Putin’s order in 2018, according to the Justice Department.

Indictments in the US Central District of California charge Dubranova with conspiracy to damage protected computers and tamper with public water systems, among other charges. She has pleaded not guilty, the Justice Department said. An attorney for Dubranova was not listed in court records.

“This is not a norm for us … to be able to obtain pro-Russian hacktivists and then have them successfully extradited to the United States,” Brett Leatherman, assistant director of the FBI’s Cyber Division, told reporters on Wednesday.

He hailed an increase in the number of arrests in recent months “related to cyber fugitives in both traditional and non-traditional partner countries.”

Thai authorities in November arrested a Russian man at the FBI’s request for allegedly supporting Russian cyber-espionage campaigns against US organizations.

Dubranova’s alleged role in the pro-Russian hacking groups highlights how Russia has allegedly co-opted tech-savvy Ukrainians who are sympathetic to Moscow to support the Kremlin’s interests.

The two pro-Russian hacking groups have targeted unsecured industrial computers that allow the hackers to interact with water pumps and other critical machinery. The groups often boast about their exploits on a Telegram channel while posting pro-Russia content. It’s partly a psychological operation designed to drum up interest in the group and spread panic among targets.

The threat remains. US government agencies on Tuesday warned that such pro-Russian hacking groups are “actively engaging in opportunistic, low-sophistication malicious cyber activity across multiple sectors.”

“While these attacks may be relatively unsophisticated, they pose real risks to our water systems, food supply and energy sectors,” Leatherman said.

The pro-Russian hackers have continued, as recently as this week, to claim new US victims on their Telegram channel.

The charges against Dubranova come as the US continues to try to strike a deal to end the war between Russia and Ukraine.

Tuesday’s actions show the Justice Department’s “commitment to disrupting malicious Russian cyber activity — whether conducted directly by state actors or their criminal proxies — aimed at furthering Russia’s geopolitical interests,” Assistant Attorney General for National Security John Eisenberg said in a statement.

In their public persona, CARR’s members often lend the appearance of a grassroots, patriotic Russian organization. But the Justice Department says the GRU has instructed CARR members on what organizations to hack.

“The GRU is increasingly leaning into willing accomplices to hide their own hand in destabilizing physical and cyberattacks in Europe and the US,” John Hultquist, chief analyst at Google Threat Intelligence Group, told CNN.“It’s important that we never take an adversary’s word for it when they tell us who they are. They frequently lie.”

US and Russian officials have had minimal and sporadic cooperation over the years on cybercrime. Washington is wary of what US officials say is Russian intelligence’s cozy relationship with Russian cybercriminals.

But even today, the FBI’s Leatherman said, US law enforcement and security officials still pass information to their Russian counterparts when it makes sense.

“We continue to provide law enforcement and national security information to the Russians when we believe there’s an opportunity to mitigate a threat to the homeland here or help them take action in country,” he said.

The-CNN-Wire
™ & © 2025 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.