December 12, 2025 The United States has extradited a Ukrainian national accused of working with Russian-backed hacktivist groups that targeted critical infrastructure networks. The indictments outline operations attributed to groups that U.S. officials say were backed or enabled by the Russian state.
According to federal prosecutors, 33-year-old Victoria Eduardovna Dubranova participated in activities connected to CyberArmyofRussia_Reborn (CARR) and NoName057(16), two groups behind waves of denial-of-service attacks and intrusions affecting water systems, public services and other protected networks. Prosecutors allege that the operations disrupted essential services and, in some instances, risked the safety of drinking-water resources.
In a statement on the case, First Assistant U.S. Attorney Bill Essayli said, “Politically motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security, particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and U.S. interests abroad.”
For her role in the CARR attacks, Dubranova is charged with one count of conspiracy to damage protected computers and tamper with public water systems, one count of access device fraud, one count of damaging protected computers and one count of aggravated identity theft. She faces one count of conspiracy to damage protected computers in the NoName057(16) case.
Dubranova pleaded not guilty to all the charges in the U.S. District Court in Los Angeles, and trial dates have been set for February 3 and April 7 for the two cases. If convicted, she faces a maximum sentence of 27 years in prison for the CARR charges and five years for the NoName057(16) charges.
CARR and NoName057(16) have drawn attention from U.S. law enforcement and cybersecurity agencies for years. The groups are believed to leverage distributed networks and low-barrier tools, including rented services and botnets, to amplify attacks and evade attribution, complicating defensive efforts and incident response for operators of industrial control systems. In some cases, critical infrastructure sectors including water, energy and food systems have been targeted, prompting repeated advisories from agencies like CISA and the FBI about strengthening operational technology security
Those two agencies have repeatedly warned that such groups can escalate disruptions quickly because they operate outside traditional state boundaries while still benefiting from state support or tolerance.
