The U.S. DOJ Takes Action Against Russian Cyber Groups CARR and NoName057(16)
The U.S. Department of Justice (DOJ) has announced significant legal actions aimed at two Russian state-affiliated cyber groups, CARR, also known as CyberArmyofRussia_Reborn or CyberArmyofRussia, and NoName057(16). Prosecutors have unveiled dual indictments against Victoria Eduardovna Dubranova, a 33-year-old Ukrainian national. Dubranova, who goes by the online aliases “Vika,” “Tory,” and “SovaSonya,” is accused of being involved in cyberattacks aimed at international critical infrastructure services in line with Russian geopolitical interests.
Recent Developments in Dubranova’s Case
Earlier in 2025, Dubranova was extradited to the United States on charges related to her involvement with CARR. Following this, she has been arraigned on a second indictment associated with NoName057(16). In both cases, she has pleaded not guilty. The trials are scheduled: the NoName057(16) case on February 3, 2026, and the CARR case on April 7, 2026.
Link to Russian Government
Prosecutors argue that both CARR and NoName057(16) operate with the backing of the Russian government. Allegations indicate that CARR received financial support from Moscow to acquire advanced cyber tools, including subscriptions to distributed denial-of-service (DDoS) service providers. NoName057(16) is described as a covert initiative linked to the Center for the Study and Network Monitoring of the Youth Environment (CISM), a Russian IT organization established through presidential decree in 2018. Reports suggest that personnel from CISM helped build NoName057(16)’s DDoS software capable of launching significant cyberattacks.
Assistant Attorney General for National Security John A. Eisenberg remarked that these enforcement actions demonstrate a commitment to thwarting Russian cyber operations, stressing the importance of safeguarding critical national resources, including water and food supply systems.
Impact on National Security
First Assistant U.S. Attorney Bill Essayli highlighted the national security threats posed by state-aligned hacktivist groups like CARR and NoName057(16). These groups cloak foreign intelligence activities, allowing state actors to distance themselves from cyberattacks. FBI Cyber Division Assistant Director Brett Leatherman stated that the Bureau is dedicated to identifying and pursuing pro-Russian actors connected to military intelligence (known as the GRU). Meanwhile, Craig Pritzlaff, Acting Assistant Administrator for the Environmental Protection Agency, emphasized the danger posed to water systems, committing to the pursuit of threats against public resources.
The Cyber Army of Russia Reborn (CARR)
CARR, also recognized as Z-Pentest and linked to the GRU, is noted for orchestrating numerous global cyberattacks, including breaches into critical U.S. infrastructure. The group has openly shared its exploits on Telegram, amassing over 75,000 followers and claiming to involve more than 100 members, some of whom are minors. Allegations against CARR include DDoS attacks and intrusions targeting industrial control systems. Their victims have included public drinking water systems in various U.S. states, leading to severe operational issues and environmental hazards.
One notable incident involved a DDoS attack on a Los Angeles meat processing plant which spoiled thousands of pounds of meat and triggered an ammonia leak. CARR has also targeted election infrastructure and entities associated with nuclear oversight.
Dubranova faces multiple charges, including conspiracy to damage protected computers and tampering with public water systems, with a maximum sentence of 27 years in federal prison.
Operations of NoName057(16)
The indictment for NoName057(16) identifies it as a clandestine operation that collaborates with CISM personnel and other external cyber actors. Armed with the DDoSia tool, NoName057(16) has conducted countless attacks to further Russian interests. Members are encouraged to run the DDoS software, with rankings and cryptocurrency rewards distributed among high achievers.
The group has targeted a range of entities, including government bodies, financial institutions, ports, and rail systems. Dubranova faces a conspiracy charge related to NoName057(16), carrying a maximum penalty of five years.
Rewards and Previous Sanctions
In tandem with these legal actions, the State Department has announced rewards of up to $2 million for information leading to arrests related to CARR and up to $10 million for information about NoName057(16). A cybersecurity advisory jointly issued by U.S. agencies warned that Russian-aligned groups often exploit insecure virtual network computing (VNC) connections to access vital operational technology, raising significant real-world risks.
These efforts against CARR are not new. In July 2024, the Treasury Department sanctioned individuals linked to cyber operations directed at U.S. infrastructure, including one individual accused of compromising critical SCADA systems. CARR’s attacks intensified throughout late 2023 and into 2024, impacting various sectors, including water utilities across several states, drawing urgent concerns from federal authorities.
