Victoria Eduardovna Dubranova, a thirty-three-year-old Ukrainian national also known as Vika, Tory, and SovaSonya, was recently arraigned in the United States after being extradited earlier this year. She faces charges for her alleged involvement in two separate Russian state-backed hacktivist organizations: NoName057(16) and CyberArmyofRussia_Reborn (CARR). Dubranova has entered a plea of not guilty to the charges in both cases. She is scheduled to face trial on the NoName indictment in February and the CARR matter in April 2026.

The indictment against Dubranova reveals the nature of the organizations she allegedly supported. NoName057(16) is described as a state-sanctioned initiative that was administered in part by multiple threat actors, alongside The Center for the Study and Network Monitoring of the Youth Environment (CISM). CISM is an information technology organization established under the order of the Russian president in October 2018. This group developed a specialized distributed denial-of-service tool named DDoSia, which it used to recruit volunteers to execute DDoS attacks targeting various critical infrastructure, including government, financial institutions, railways, and ports.

U.S. prosecutors also detailed the structure and backing of CyberArmyofRussia_Reborn. They assert that CARR was founded, financially supported, and directed by Russia’s military intelligence service, known as the GRU. CARR is noted for having a significant online presence, with over seventy-five thousand followers on Telegram and a membership exceeding one hundred individuals, some of whom are teenagers. This pro-Russia group has claimed responsibility for hundreds of cyberattacks against victims globally.

GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025

The attacks attributed to CARR have included significant disruptions to critical infrastructure within the United States. Specifically, the group has targeted public drinking water systems across several U.S. states, which resulted in damage to industrial controls and the spillage of hundreds of thousands of gallons of drinking water. Additionally, the indictment notes a breach in November 2024 against a Los Angeles meat processing facility’s systems, which allegedly caused an ammonia leak and the spoilage of thousands of pounds of meat. The group also directed attacks against the websites of nuclear regulatory bodies and U.S. election infrastructure.

Further linking CARR to the Russian state, prosecutors provided evidence of direct involvement by a GRU officer. This officer, who used the online pseudonym “Cyber_1ce_Killer,” was responsible for instructing CARR leadership on which targets to attack. Furthermore, the officer provided financial support for the group’s operations, specifically funding their access to distributed denial-of-service-for-hire services. The scale of CARR’s reach is underlined by its large following and membership, highlighting the breadth of the threat.

Source: Ukrainian Hacker Charged With Assisting Russian Hacktivist Groups In Cyber Attacks