Ukrainian National Twice Indicted in Los Angeles for Pro-Russian Hacking
U.S. and allied cybersecurity agencies warned this week that pro-Russian hacktivists are targeting critical infrastructure through low-skill but persistent techniques that exploit exposed remote access tools. The alert came as federal prosecutors announced indictments charging a 33-year-old Ukrainian national for participating two of the most active group’s critical infrastructure hacks.
See Also: Going Beyond the Copilot Pilot – A CISO’s Perspective
An advisory from the Cybersecurity and Infrastructure Security Agency, the FBI, NSA and other U.S. and global agencies said pro-Russian hacktivists lean on opportunistic breaches targeting operational technology environments – often by scanning for internet-facing virtual network computing services with weak or no authentication protocols. Officials described the campaigns as “less sophisticated, lower-impact attacks” than operations run by advanced persistent threat actors. Basic techniques can still disrupt industrial processes when attackers reach poorly secured devices tasked with controlling physical equipment.
The advisory singles out groups Cyber Army of Russia Reborn, Z-Pentest, NoName057(16) and Sector16, which have spent the last several years claiming credit for an array of hacks against water utilities, energy operators and government services in the United States and abroad. They select victims based on easy access rather than any detailed targeting plan, taking advantage of exposed virtual network computing services and other remote access tools that allow direct interaction with human-machine interfaces and OT assets (see: Russian DDoS Groups Frothing After Europe Backs Ukraine).
Federal officials said many of the incidents tied to the activity included in the advisory have been limited in scope, but some hacks have caused physical impacts, particularly when attackers reach poorly segmented networks that connect remote access services to live control systems.
The advisory was published Tuesday, the same day 33-year-old Ukrainian national Victoria Eduardovna Dubranova pleaded not guilty in Los Angeles federal court to a second hacking indictment, this one for supporting NoName057(16). Ukraine extradited Dubranova earlier this year to face Link text goes herecharges of supporting CyberArmyofRussia_Reborn.
Prosecutors say she supported efforts to disrupt critical services in multiple countries and helped facilitate distributed denial-of-service attacks and other online operations designed to advance pro-Russian narratives and pressure governments that back Ukraine and NATO.
Dubranova’s work with CyberArmyofRussia_Reborn included the tampering of public water systems, prosecutors allege. They say the group perpetrated an infamous January 2024 attack against a Texas water utility that caused drinking water to overflow. The group was also allegedly behind the September 2024 hack of an Indiana water utility in an incident that caused all pumps to activate, and a July 2024 incident in Pennsylvania that compromised a landfill water treatment installation.
“The defendant’s illegal actions to tamper with the nation’s public water systems put communities and the nation’s drinking water resources at risk,” EPA Acting Assistant Administrator Craig Pritzlaff said in a statement.
Prosecutors say the hacktivist groups at the center of the case relied on Russian government support to fund subscriptions to DDoS services and other off-the-shelf cybercrime tooling.