The Cyber Collaboration: A Ukrainian Hacker’s Alleged Role in Russian Hacktivist Operations

The Alleged Role of Ukrainian National Victoria Eduardovna Dubranova in Cyberattacks

A Ukrainian national, Victoria Eduardovna Dubranova, has been charged by U.S. prosecutors for her involvement in cyberattacks targeting critical infrastructure globally. These attacks include U.S. water systems, election systems, and nuclear facilities, allegedly carried out on behalf of Russian state-backed hacktivist groups.

Victoria Eduardovna Dubranova, aged 33 and known by aliases such as Vika, Tory, and SovaSonya, was arraigned on Tuesday for her alleged role in NoName057(16). She was extradited to the U.S. earlier this year for supporting CyberArmyofRussia_Reborn (CARR).

Dubranova has pleaded not guilty in both cases and is set to face trial in February for the NoName indictment and in April 2026 for the CARR matter.

The NoName057(16) project, as per the indictment, was a state-sanctioned initiative involving multiple threat actors and The Center for the Study and Network Monitoring of the Youth Environment (CISM), an organization created by order of the Russian president in October 2018.

The NoName Russian hacktivist group developed a DDoS tool named DDoSia and recruited volunteers globally to launch attacks against government agencies, financial institutions, and critical infrastructure like railways and ports.

U.S. prosecutors highlighted that the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) established, funded, and oversaw CARR, a pro-Russia hacktivist group. CARR boasted over 75,000 Telegram followers and more than 100 members, some of whom were teenagers. The group claimed responsibility for numerous cyberattacks worldwide.

CARR targeted public drinking water systems in several U.S. states, causing damage to industrial controls and releasing large amounts of drinking water. The group also breached a Los Angeles meat processing facility in November 2024, leading to an ammonia leak and spoiling a significant amount of meat. Additionally, they attacked nuclear regulatory entity websites and U.S. election infrastructure.

A GRU officer operating under the pseudonym “Cyber_1ce_Killer” provided instructions to CARR leadership on targets and financed the group’s access to distributed denial-of-service-for-hire services.

If convicted, Dubranova could face up to 27 years for the CARR charges and up to 5 years for the NoName charges.

Craig Pritzlaff, Acting Assistant Administrator at the Environmental Protection Agency (EPA), emphasized the risks posed by Dubranova’s actions on the nation’s public water systems. He stated that these criminal charges send a clear message to cyber actors, both in the U.S. and abroad, that threats to national water infrastructure will not be tolerated.

The U.S. State Department has offered rewards of up to $2 million for information on individuals associated with CARR and up to $10 million for details on those linked with NoName.

In a joint advisory with various cybersecurity and law enforcement agencies, CISA warned about the targeting of critical infrastructure organizations by pro-Russia hacktivist groups like CARR, NoName, Z-Pentest, and Sector16. These attacks can have varying impacts, including physical damage.

In July 2024, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two CARR members, Denis Olegovich Degtyarenko and Yuliya Vladimirovna Pankratova, for cyberattacks against U.S. critical infrastructure.