The United States exposes the identity of and imposes sanctions on two members of the Russian government-aligned hacktivist group.

WASHINGTON — Today, the United States designated Yuliya Vladimirovna Pankratova (Pankratova) and Denis Olegovich Degtyarenko (Degtyarenko), two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their roles in cyber operations against U.S. critical infrastructure. These two individuals are the group’s leader and a primary hacker, respectively.

“CARR and its members’ efforts to target our critical infrastructure represent an unacceptable threat to our citizens and our communities, with potentially dangerous consequences,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “The United States has and will continue to take action, using our full range of tools, to hold accountable these and other individuals for their malicious cyber activities.”

This designation follows several other recent U.S. Treasury actions to combat Russia-based cyber criminals. These include the May 7, 2024 designation of Dmitry Khoroshev, also known as LockBitSupp, who is a leader of the LockBit ransomware group, and the February 20, 2024 designation of LockBit affiliates Ivan Kondratiev and Artur Sungatov. According to the Department of Justice, LockBit has targeted over 2,500 victims worldwide and is alleged to have received more than $500 million in ransom payments. Furthermore, on January 23, 2024, the U.S. Treasury, in coordination with Australia and the United Kingdom, designated Alexander Ermakov, who was responsible for the October 2022 infiltration of one of Australia’s largest private health insurers, Medibank.

Since 2022, CARR has conducted low-impact DDoS attacks in Ukraine and against governments and companies located in countries that have supported Ukraine. In late 2023, CARR started to claim attacks on industrial control systems of multiple U.S. and European critical infrastructure targets. Using various unsophisticated techniques, CARR has been responsible for manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe.

In January 2024, CARR claimed responsibility for overflowing water storage tanks in Abernathy and Muleshoe, Texas by manipulating human-machine interfaces at each facility on a public forum. The compromise resulted in tens of thousands of gallons of water being lost. Additionally, CARR compromised a SCADA system at a U.S. energy company but instances of major damage were avoided due to their lack of technical sophistication.

Pankratova is a Russian cybercriminal leading CARR's operations under her alias "YUliYA". She acts as a spokesperson for CARR.

Degtyarenko is another key figure within CARR operating under his alias "Dena". He was behind compromising SCADA systems at a U.S energy company earlier this year.

OFAC is designating Pankratova and Degtyarenko pursuant to E.O. 13694 as amended for engaging in cyber-enabled activities originating from outside the United States that pose significant threats to national security or economic stability.

As a result of today’s action all property belonging to these individuals within U.S jurisdiction is blocked along with any entities they own more than fifty percent stake in directly or indirectly without specific OFAC authorization or exemption transactions involving these properties are prohibited including contributions funds goods or services provided by or benefiting them

Financial institutions engaging with sanctioned individuals may face enforcement actions prohibitions include contributions provision funds goods services benefiting designated persons

OFAC aims not just punishment but positive behavioral change details removal process available online