Two Russian hackers who allegedly engaged in cyber attacks against critical infrastructure in the United States were sanctioned on July 19 by the Treasury Department.
The Russian nationals, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, are alleged to be the leader and primary hacker, respectively, of the Cyber Army of Russia Reborn (CARR) group, according to a statement from the department.
Ms. Pankratova allegedly commands and controls CARR operations and has acted as the group’s spokesperson. Mr. Degtyarenko was allegedly behind the compromise of a control system in a U.S. energy company, giving the group control over the alarms and pumps for tanks in that system.
The sanctions mean that the two alleged hackers are now blocked from accessing any property they own in the United States. In addition, financial institutions and individuals that engage in transactions with them could be subject to enforcement actions, the Treasury noted.
Since 2022, CARR has carried out hacking attacks in Ukraine and against governments and firms in nations that support Ukraine. The group began targeting U.S. and European critical infrastructure in late 2023, manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in these regions.
In January, CARR claimed responsibility for the overflow of water storage tanks at two locations in Texas. That led to the loss of tens of thousands of gallons of water, according to the Treasury.
Even though CARR gained authority over industrial control systems for a brief period, incidents of major damage to victims were avoided as the group lacked technical sophistication, the department stated.
“CARR and its members’ efforts to target our critical infrastructure represent an unacceptable threat to our citizens and our communities, with potentially dangerous consequences,” Undersecretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said.
“The United States has and will continue to take action, using our full range of tools, to hold accountable these and other individuals for their malicious cyber activities.”
“The defendants committed ransomware attacks against victims in the United States and around the world through LockBit, which was one of the most destructive ransomware groups in the world,” Principal Deputy Assistant Attorney General Nicole M. Argentieri said in a July 18 statement.
LockBit has attacked 1,800 victims in the United States, including individuals, hospitals, schools, nonprofits, critical infrastructure, multinational corporations, small businesses, and law enforcement agencies.
Cyber Threat to the United States
The sanctions and arrests follow warnings from security experts that critical U.S. infrastructure, such as communication networks and energy supplies, faces a growing threat from cybercriminals.
In May, Director of National Intelligence Avril Haines told lawmakers during a hearing of the Senate Armed Services Committee that malicious actors were preparing for a major attack and had ramped up attacks against critical infrastructure.
She said the number of cyberattacks rose by 74 percent globally last year, with many of these attacks targeting U.S. health care and industrial control systems.
“Cyber actors are attacking U.S. industrial control systems, which are typically used to automate industrial processes, at record levels,” Ms. Haines said. “These actors put a premium on preparing offensive capability during peacetime, in part by preemptively planting footholds in our infrastructure.”
Affected industries included energy, food, and beverage manufacturing. One Iran-linked hacking group targeted the Municipal Water Authority of Aliquippa, Pennsylvania, in November 2023.
Among international players, China remains the key cyber adversary to the United States. A Feb. 7 joint advisory from multiple intelligence agencies warned that Chinese state-sponsored cyber actors were “seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.”