US sanctions alleged Russian hackers who claimed attacks on US water facilities
Treasury posted photos of the two alleged hackers — Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko — unmasking them from the anonymous social media accounts that they tend to hide behind.
Pankratova and Degtyarenko are allegedly part of a politically motivated hacking group called Cyber Army of Russia Reborn (CARR) that has claimed credit for a series of cyberattacks against American and European organizations in support of Russia.
The string of hacks alarmed US officials because of how easy they were to pull off. The hackers logged into sensitive industrial software system that is supposed to be separated from the public internet. US national security adviser Jake Sullivan appealed to state officials and water authorities to shore up their cyber defenses.
The hack in January in the small town of Muleshoe, in north Texas, wasted tens of thousands of gallons of water, according to the Treasury Department. It coincided with at least two other towns in north Texas taking precautionary defensive measures.
Sanctions against criminal hackers are increasingly common as the US government tries to deter both politically and financially motivated computer operatives.
Among CARR’s other claimed targets was a wastewater treatment plant in Indiana. The hackers tend to blend their unsophisticated hacking efforts with psychological operations designed to drum up interests in the group and spread panic among targets. They have, for example, released videos of them purporting to infiltrate water systems set to dramatic music.
“Russia continues to provide a safe haven to cybercriminals and enable their malicious cyber activities against the United States and its allies and partners,” State Department spokesperson Matthew Miller said in a statement on Friday.
“While CARR’s lack of sophistication and victims’ responses have thus far prevented any instances of major damage, unauthorized access to critical infrastructure systems poses an elevated risk of harm to the public and can result in devastating humanitarian consequences,” Miller said.
The Cyber Army of Russia Reborn (CARR), alleged hackers Pankratova and Degtyarenko's group, has a history of targeting political entities, as shown by their claimed attack on a wastewater treatment plant in Indiana. The US government is concerned about the ease of these hacks, as shown by the hack in Muleshoe, Texas, which resulted in wasting tens of thousands of gallons of water.
