The US Justice Department has announced two indictments charging 33-year-old Victoria Eduardovna Dubranova, a Ukrainian national said to be affiliated with two Kremlin-linked hacker groups.
In a Tuesday press release, the department said Dubranova, also operating under the aliases Vika, Tory, and SovaSonya, carried out “cyberattacks and computer intrusions against critical infrastructure and other victims around the world, in support of Russia’s geopolitical interests.”
The first indictment, which led to Dubranova’s extradition to the US “earlier this year,” charged her for her actions supporting CyberArmyofRussia_Reborn (CARR), a Russian hacker group.
“The CARR indictment charges Dubranova with one count of conspiracy to damage protected computers and tamper with public water systems, one count of damaging protected computers, one count of access device fraud, and one count of aggravated identity theft,” the press release says, adding she faces up to 27 years in federal prison if convicted.
The second indictment concerns her support for NoName057(16) (NoName), another Russian hacker group. The indictment is likely a result of a joint international operation titled “Operation Eastwind” coordinated by Europol and Eurojust in the summer of 2025.
“The NoName indictment charges Dubranova with one count of conspiracy to damage protected computers. If convicted of this charge, Dubranova would face a statutory maximum penalty of five years in federal prison,” the press release adds.
The US Rewards for Justice program offers up to $2 million for information on those linked to CARR and up to $10 million for those tied to NoName057(16).
The US is also offering up to $11 million in rewards for information leading to the capture of Volodymyr Viktorovych Tymoshchuk, a Ukrainian cyber actor linked to ransomware attacks.
Dubranova pleaded not guilty in both cases and is set to stand trial on Feb. 3, 2026, in the NoName case and on April 7, 2026, in the CARR case.
Kremlin-linked hacker groups
The RFJ described CARR as a group “linked to the Main Centre for Special Technologies (GTsST) within the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).”
Meanwhile, the program called NoName a “Russia-linked hacktivist group known for its malicious cyber activity targeting critical infrastructure in the United States as well as in European Union and NATO countries in support of Russian objectives.”
Both groups were said to have used Distributed Denial of Service (DDoS) attacks, which overwhelm targets with traffic and render them inoperable.
Bill Essayli, first assistant US attorney for the Central District of California, said the groups “pose a serious threat” to national security.
“Politically motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security, particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and US interests abroad,” Essayli was quoted as saying by the US Justice Department press release.
The West has cautioned that systematic cyberattacks from Kremlin-linked hacker groups are part of Moscow’s hybrid warfare – a campaign that precedes Russia’s 2022 invasion of Ukraine but intensified in recent years.
On Monday, Reporters Without Borders (RSF) said a group linked to Russia’s Federal Security Service (FSB) was responsible for a failed cyberattack on the organization earlier this year.
In October, Russian hackers reportedly broke into UK Ministry of Defence data systems, making off with sensitive data about military personnel and other information from Royal Air Force and Royal Navy bases.