A Ukrainian national, Victoria Eduardovna Dubranova, has been charged in federal court for her alleged involvement in cyberattacks against critical infrastructure worldwide, supporting Russian interests. The indictments were unsealed in Los Angeles and relate to her actions with two Russian state-backed hacking groups: CyberArmyofRussia_Reborn (CARR) and NoName057(16) (NoName). Dubranova was extradited to the United States earlier this year and pleaded not guilty to both indictments. A trial date is set for February 3, 2026, on one case and April 7, 2026, on the other.
The Justice Department states that CARR received financial backing from the Russian government and used these resources to conduct distributed denial of service (DDoS) attacks through hired services. NoName operated as a state-sanctioned project managed partly by an IT organization established by order of the President of Russia in 2018. This group developed its own DDoS tool with help from co-conspirators.
“Politically motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security, particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and U.S. interests abroad,” said First Assistant United States Attorney Bill Essayli. “The charges announced today demonstrate our commitment to eradicating global threats to cybersecurity and pursuing malicious cyber actors working on behalf of adversarial foreign interests.”
Assistant Attorney General for National Security John A. Eisenberg added: “Today’s actions demonstrate the Department’s commitment to disrupting malicious Russian cyber activity — whether conducted directly by state actors or their criminal proxies — aimed at furthering Russia’s geopolitical interests. We remain steadfast in defending essential services, including food and water systems Americans rely on each day, and holding accountable those who seek to undermine them.”
Brett Leatherman of the FBI’s Cyber Division stated: “When pro-Russia hacktivist groups target our infrastructure, the FBI will use all available tools to expose their activity and hold them accountable… The FBI doesn’t just track cyber adversaries—we work with global partners to bring them to justice.”
EPA Acting Assistant Administrator Craig Pritzlaff commented: “The defendant’s illegal actions to tamper with the nation’s public water systems put communities and the nation’s drinking water resources at risk… EPA is unwavering in its commitment to clean, safe water for all Americans.”
Akil Davis from the FBI Los Angeles Field Office noted: “Pro-Russia cybercriminal groups such as CARR and NoName057(16) have been emboldened to target the critical infrastructure of the United States and NATO allies… Today’s announcement underscores the FBI’s priorities and capabilities in countering cyber threats and demonstrates the FBI’s dedication to working with foreign partners to protect victims worldwide.”
According to court documents, CARR—also known as Z-Pentest—was founded by Russia’s Main Directorate of the General Staff (GRU). It claimed responsibility for hundreds of attacks globally that targeted industrial control facilities via DDoS methods. Victims included public drinking water systems across several U.S. states; these incidents caused damage leading to large-scale spills of drinking water.
CARR also attacked a meat processing facility in Los Angeles in November 2024, resulting in spoiled meat products and an ammonia leak. Other targets included U.S. election infrastructure during elections and websites linked with nuclear regulatory bodies.
Dubranova faces multiple charges related to her alleged activities with CARR—including conspiracy involving protected computers—and could receive up to 27 years if convicted.
NoName057(16), meanwhile, reportedly included staff from The Center for the Study and Network Monitoring of the Youth Environment (CISM), an organization created by presidential order in Russia claiming internet safety goals for youth but implicated here as developing attack tools used against international targets such as government agencies, financial institutions, railways, ports—and recruiting volunteers globally via Telegram channels.
For her role with NoName057(16), Dubranova faces up to five years if convicted.
These law enforcement actions are part of Operation Red Circus—a joint effort between U.S., Europol (Operation Eastwood), Germany’s BKA police agency https://www.bka.de/EN/, Dutch National Police https://www.politie.nl/en, Spanish National Police https://www.policia.es/_en/index.php, Swiss Federal Police https://www.fedpol.admin.ch/fedpol/en/home.html, Swedish Polismyndigheten https://polisen.se/en/, French Gendarmerie Nationale https://www.gendarmerie.interieur.gouv.fr/—and others—which disrupted over 100 servers worldwide associated with NoName activities.
Additionally, sanctions have been imposed by OFAC against key members of CARR following Treasury announcements made July 19, 2024 regarding individuals responsible for operations against U.S. infrastructure.
The cases are being prosecuted by attorneys from both local U.S. Attorney offices’ National Security Divisions as well as DOJ’s National Security Cyber Section; asset forfeiture matters are handled separately within DOJ structures.
All defendants are presumed innocent until proven guilty beyond reasonable doubt.
