From Anonymous to Arrest: Ukrainian Woman Charged in Russian-Backed Cyberattacks on US Infrastructure

In an unprecedented case highlighting the growing threat of state-sponsored cyberwarfare, 33-year-old Ukrainian national Victoria Eduardovna Dubranova now faces serious federal charges in the United States after her alleged involvement with Russian-backed hacking collectives. Known online by aliases including “Vika,” “Tory,” and “SovaSonya,” Dubranova was recently extradited to America and arraigned on Tuesday, where she pleaded not guilty to charges connecting her to two notorious hacking groups: CyberArmyofRussia_Reborn (CARR) and NoName057(16). The Department of Justice claims both organizations receive substantial backing from Russian government entities to advance Moscow’s geopolitical interests abroad, with Dubranova allegedly serving as a key operative in numerous attacks that caused significant real-world damage to American critical infrastructure and other Western targets.

The indictments paint a disturbing picture of CARR’s operations, describing it as an organization founded and funded directly by Russia’s military intelligence agency, the GRU. With a massive following exceeding 75,000 subscribers on its Telegram channel, CARR allegedly orchestrated sophisticated attacks that went beyond mere digital disruption to cause tangible harm to essential services. Prosecutors point to particularly troubling incidents including breaches of public water systems that resulted in the spillage of hundreds of thousands of gallons of drinking water, and a November 2024 attack on a Los Angeles meat processing facility that not only spoiled thousands of pounds of food products but also triggered a dangerous ammonia release. These attacks demonstrate how cyber operations increasingly threaten physical infrastructure that citizens depend upon daily.

The second organization linked to Dubranova, NoName057(16), has allegedly conducted over 1,500 cyberattacks between March 2022 and June 2025, targeting a wide range of victims across Europe. The group’s targets have included government agencies, telecommunications firms, military installations, financial institutions, and transportation authorities throughout Ukraine and NATO-aligned nations including Estonia, Finland, Lithuania, Norway, Poland, and Sweden. Perhaps most boldly, NoName057(16) even claimed responsibility for orchestrating cyberattacks against Dutch infrastructure both before and during the 2025 NATO Summit in The Hague—a direct challenge to Western security coordination. According to Chris Butera, acting deputy executive assistant director for cybersecurity at CISA, these groups employ “opportunistic, low-sophistication malicious cyber activity to gain notoriety and create mayhem,” suggesting their operations are designed as much for psychological impact as technical disruption.

The Department of Justice’s response reflects the seriousness with which American authorities now view such state-backed cyber operations. Assistant Attorney General for National Security John A. Eisenberg emphasized that “Today’s actions demonstrate the Department’s commitment to disrupting malicious Russian cyber activity—whether conducted directly by state actors or their criminal proxies—aimed at furthering Russia’s geopolitical interests.” This language signals a broader strategic approach that no longer distinguishes sharply between direct state actors and their affiliated “hacktivists,” viewing both as extensions of hostile foreign policy. The case represents part of a growing trend where Western governments increasingly treat cyberattacks against critical infrastructure as national security threats rather than conventional criminal matters, particularly when evidence suggests foreign government involvement.

The stakes for Dubranova are exceptionally high as she faces potential lengthy incarceration if convicted. For her alleged involvement with NoName057(16), she could receive up to five years in prison, while the CARR-related charges carry a significantly heavier maximum sentence of 27 years. With trials scheduled for February and April 2026, the cases will likely serve as important tests of the American judicial system’s ability to prosecute transnational cyber crimes involving state actors. Meanwhile, in a parallel effort to identify additional participants, the State Department’s Rewards for Justice program has announced a substantial reward of up to $10 million for information leading to other members of NoName057(16), accompanied by the taunting message: “They call themselves ‘NoName.’ But maybe YOU can name some names.” This approach signals an attempt to sow discord and paranoia within the ranks of these hacking collectives.

The Dubranova case highlights the evolving landscape of international conflict, where the lines between cybercrime, espionage, and warfare continue to blur. As nations like Russia allegedly employ proxy groups to advance their interests while maintaining plausible deniability, Western countries face the challenge of developing appropriate legal, diplomatic, and technical responses. The successful extradition and prosecution of Dubranova may represent a significant milestone in addressing these threats—demonstrating that individuals participating in state-sponsored cyber operations against critical infrastructure can face consequences regardless of where in the world they operate. As digital systems become ever more integrated into essential services, from water treatment to food production, the potential human impact of such attacks makes them not merely technical violations but genuine threats to public safety and national security, demanding increasingly robust international cooperation to combat them.