Foreign National Indicted and Extradited to the United States for Role in Two Russia-Linked Cyber Hacking Groups
Conspiracy charges against defendant allege attacks against U.S. public water systems
WASHINGTON — On December 9, 2025, U.S. Environmental Protection Agency (EPA) and U.S. Attorney’s Office for the Central District of California and the Federal Bureau of Investigations (FBI) announced that a Ukrainian national has been charged with participating in conjunction with two Russia-linked criminal groups that conducted dozens of cyberattacks internationally, including against the United States.
The indictments against Victoria Eduardovna Dubranova, 33, also known as Vika, Tory, and SovaSonya, were unsealed today in the U.S. District Court in Los Angeles. Today, Dubranova was arraigned on a second indictment charging her for her actions supporting NoName057(16) (NoName). Dubranova pleaded not guilty in both cases, and is scheduled to begin trial in the NoName matter on Feb. 3, 2026, and on April 7, 2026, for the CARR matter.
Dubranova was extradited to the United States earlier this year on an indictment charging her for her actions supporting CyberArmyofRussia_Reborn (CARR), also known as Z-Pentest. CARR was founded, funded, and directed by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). CARR has conducted dozens of destructive cyberattacks around the world, including attacks against critical infrastructure in the United States.
The CARR indictment charges Dubranova with one count of conspiracy to damage protected computers and tamper with public water systems, one count of damaging protected computers, one count of access device fraud, and one count of aggravated identity theft.
“The defendant’s illegal actions to tamper with the nation’s public water systems put communities and the nation’s drinking water resources at risk,” said EPA Acting Assistant Administrator for Enforcement and Compliance Assurance Craig Pritzlaff. “These criminal charges serve as an unequivocal warning to malicious cyber actors in the U.S. and abroad: EPA’s Criminal Investigation Division and our law enforcement partners will not tolerate threats to our nation’s water infrastructure and will pursue justice against those who endanger the American public. EPA is unwavering in its commitment to clean, safe water for all Americans.”
“Today’s actions demonstrate the Department’s commitment to disrupting malicious Russian cyber activity — whether conducted directly by state actors or their criminal proxies — aimed at furthering Russia’s geopolitical interests,” said Assistant Attorney General for National Security John A. Eisenberg. “We remain steadfast in defending essential services, including food and water systems Americans rely on each day, and holding accountable those who seek to undermine them.”
“Politically-motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security, particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and U.S. interests abroad,” said First Assistant U.S. Attorney Bill Essayli for the Central District of California. “The charges announced today demonstrate our commitment to eradicating global threats to cybersecurity and pursuing malicious cyber actors working on behalf of adversarial foreign interests.”
"When pro-Russia hacktivist groups target our infrastructure, the FBI will use all available tools to expose their activity and hold them accountable,” said FBI Cyber Division Assistant Director Brett Leatherman. “Today’s announcement demonstrates the FBI’s commitment to disrupt Russian state-sponsored cyber threats, including reckless criminal groups supported by the GRU. The FBI doesn’t just track cyber adversaries - we work with global partners to bring them to justice.”
According to the indictment, CARR claimed credit for hundreds of cyberattacks against victims worldwide in support of Russia’s geopolitical interests. CARR primarily hacked industrial control facilities and conducted distributed denial of service (DDoS) attacks. Some of CARR’s victims included public drinking water systems across several U.S. states, resulting in damage to controls and the spilling of hundreds of thousands of gallons of drinking water. CARR also attacked a meat processing facility in Los Angeles in November 2024, spoiling thousands of pounds of meat and triggering an ammonia leak in the facility.
If convicted of these charges, Dubranova would face up to a statutory maximum sentence of 27 years in federal prison.
The law enforcement actions against CARR are part of Operation Red Circus, one of the FBI’s ongoing efforts to disrupt Russian state-sponsored cyberthreats to United States critical infrastructure and interests abroad. Concurrent with today’s announcement, the U.S. Department of State’s Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service, announced a reward of up to $2 million for information on individuals associated with CARR. On July 19, 2024, Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions targeting two CARR members for their roles in cyber operations against U.S. critical infrastructure.
The investigation into CARR was conducted by the Environmental Protection Agency’s Criminal Investigation Division, the FBI’s Los Angeles Field Office, and the Department of Commerce’s Bureau of Industry and Security. The Justice Department’s Office of International Affairs provided significant assistance.
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
More information on today’s indictment is available in the Department of Justice’s press release.
Ensuring that all Americans have access to clean and safe water is part of the first pillar of Administrator Zeldin’s Powering the Great American Comeback initiative. Cyberattacks represent a significant threat to this mission as evidenced by today’s criminal charges, which underscore that the water sector remains a target for advanced threat actors sponsored by or supportive of adversarial nation-states. Regardless of the motivation and sophistication of the threats, EPA’s message remains consistent: all drinking water and wastewater systems should ensure strong resilience to malicious cyber activity by, at a minimum, adopting basic cybersecurity measures that can be implemented with little or no cost.
As the Sector Risk Management Agency entrusted with leading Federal efforts to secure the water sector, EPA supports the efforts of our nation’s drinking water and wastewater systems to protect themselves against cyberattacks, and works with private and public sector partners to mitigate risks using an extensive array of tools, training, funding support, and direct technical assistance. EPA works with utilities to conduct cybersecurity assessments to determine their vulnerabilities and develop risk mitigation plans to systematically address security gaps. The Agency also proactively identifies and helps utilities eliminate internet-exposed industrial control devices at their water systems. These efforts protect communities — including homes, hospitals, schools, businesses, and military facilities — from potential disruptions and threats to vital water services. Additional information on the range of EPA’s cybersecurity assistance to the water sector is available on EPA’s Cybersecurity for the Water Sector webpage.
Additional information on protecting the nation’s water and wastewater sector from cybersecurity threats are available from EPA’s websites: