Security News > 2024 > July > Two Russians sanctioned over cyberattacks on US critical infrastructure
Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, named by the US government as CARR's leader and attacker-in-chief respectively, were designated for their alleged roles in attacks on US critical national infrastructure.
Despite much of CARR's work since its inception in 2022 revolving around what the US Department of the Treasury describes as "Low-impact, unsophisticated DDoS attacks in Ukraine," the group was blamed for various attacks on US and European water facilities earlier this year.
Back in January, CARR claimed responsibility for attacks on human-machine interfaces controlling OT systems in the US and Poland via its Telegram channel.
Water supply, hydroelectric, wastewater, and energy facilities were affected by the remote manipulation of controls, which also led to the overflowing of water storage tanks in Abernathy and Muleshoe, Texas.
"Despite CARR briefly gaining control of these industrial control systems, instances of major damage to victims have thus far been avoided due to CARR's lack of technical sophistication," the announcement reads.
Mandiant previously attributed these attacks to Sandworm - an offensive cyber unit inside Russia's military intelligence arm, GRU. A report from the infosec giant in April said CARR was just one of the many Telegram accounts Sandworm used to publicize its attacks, but the US hasn't explicitly made these links in announcing Pankratova and Degtyarenko's designation.
News URL
Related news
- U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’ (source)
- Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)