The U.S. Justice Department has unsealed new federal charges against a Ukrainian woman tied to a wide-ranging campaign of Russian state-sponsored cyberattacks. Victoria Eduardovna Dubranova, age 33, faces multiple indictments in Los Angeles. She is accused of providing support to two prominent pro-Russia hacking groups. These groups repeatedly targeted critical infrastructure across the United States and allied nations.
Dubranova was extradited to the U.S. earlier this year to face justice. Authorities allege she actively assisted two distinct operations: CyberArmyofRussia_Reborn (CARR) and NoName057(16). Both organizations, prosecutors assert, receive financial and operational backing from Moscow to advance Russian geopolitical interests. The groups are not merely independent actors. They serve as proxies for the Kremlin, helping to obscure the state’s direct involvement in destabilizing attacks.
The charges against Dubranova are significant. They describe malicious activity that evolved beyond simple disruption. The attacks moved into destructive intrusions against essential services and industrial control systems. CARR, the more destructive of the two groups, reportedly receives its funding and direction from the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, known as the GRU. This military intelligence agency uses the group as a civilian front.
The indictments detail several tangible real-world harms caused by these intrusions. Attackers targeted public drinking water systems in multiple U.S. states. They allegedly tampered with control systems, resulting in the spillage of hundreds of thousands of gallons of clean drinking water. Federal investigators also cited an attack on a Los Angeles meat processing facility. That breach spoiled thousands of pounds of meat products. It also triggered a dangerous ammonia leak inside the plant.
These charges mark a critical first step for U.S. law enforcement. Specifically, this is the first time the U.S. has charged an individual under the law designed to protect water systems from cyber tampering. This demonstrates the government’s commitment to defending essential services. It sends an unequivocal warning to malicious cyber actors globally.
The second group, NoName057(16), primarily focused on using Distributed Denial-of-Service (DDoS) attacks. These attacks overwhelm targets with traffic, rendering websites and systems inoperable. NoName claimed credit for over 1,500 cyberattacks between March 2022 and June 2025. Their targets included government agencies, financial institutions, and public transportation infrastructure across NATO countries. The group recruited participants globally using its proprietary DDoS tool, known as DDoSia.
Assistant Attorney General John A. Eisenberg emphasized the Department’s resolve. He stated that the Justice Department will continue to disrupt malicious Russian cyber activity. This action applies whether the activity is conducted by state actors or their criminal proxies. Dubranova has pleaded not guilty to all counts. If convicted, she faces a statutory maximum sentence of 27 years in federal prison for the CARR-related charges. Concurrent with the indictments, the State Department announced rewards of up to $10 million for information leading to the identification or location of key individuals associated with the groups. The FBI’s efforts, including Operation Red Circus, continue to disrupt these state-sponsored threats to national security.
