Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group

The US Justice Department has indicted Ukrainian national Victoria Eduardovna Dubranova, 33, also known as “Vika,” a.k.a. “Tory,” a.k.a. “SovaSonya,” for her alleged role in a series of cyberattacks aimed at disrupting critical infrastructure around the world.

According to court documents, her work supported two well-known Russian-aligned hacking groups, NoName057(16) and CyberArmyofRussia_Reborn (CARR), also known as Z-Pentest, both believed to have backing from Russian state entities.

Dubranova was extradited to the United States earlier this year and now faces charges in two separate cases. One involves her alleged involvement with CARR, while the second ties her to NoName, another politically motivated group targeting Western countries. She pleaded not guilty to both indictments and is set to face trial in 2026.

In July 2025, police dismantled over 100 servers linked to NoName057(16) and arrested two individuals in coordinated operations across France and Spain. While those arrests targeted the same group Dubranova is accused of supporting, her extradition details remain undisclosed, and there is no public confirmation connecting her to those arrests.

Victoria Eduardovna Dubranova (Image credit: US Department of Justice – Via Courthouse News)

The Justice Department says these weren’t random cyberattacks or financially motivated ransomware campaigns. These were focused efforts designed to disrupt water systems, food supply chains, and public services.

CARR, for example, took responsibility for hacking drinking water systems in multiple U.S. states, causing major spills and system failures. The group also claimed attacks on a meat processing facility in Los Angeles, spoiling thousands of pounds of food and triggering an ammonia leak.

NoName, on the other hand, leaned heavily on its custom DDoS tool called “DDoSia” to knock government websites offline. The group recruited volunteers globally to launch these attacks, offering cryptocurrency rewards and leaderboard rankings to incentivise participation. It ran through an infrastructure built by a Russian state-sponsored IT group known as CISM, which had been operating under a 2018 order from the Russian president.

According to the DoJ’s press release, both groups received guidance and support from Russian government bodies. The CARR indictment references a GRU (Glavnoye Razvedyvatelnoye Upravleniye, Russia’s primary military intelligence agency) officer who provided direction on attack targets and paid for access to cybercriminal services. US authorities say that at times, CARR had over 100 members, including minors, and an online following in the tens of thousands.

****Reward Offered for Leads on Cyber Group CARR****

The US State Department is offering up to $2 million for information leading to the identification or location of individuals associated with the Cyber Army of Russia Reborn (CARR).

Authorities are particularly interested in three individuals, including Yuliya Pankratova, Denis Degtyarenko and “Cyber_1ce_Killer,” an individual linked to a GRU officer.

Poster credit: Reward for Justice

As for Dubranova, her charges carry significant penalties. In the CARR case, she faces a maximum sentence of 27 years for conspiracy, damaging protected systems, fraud, and identity theft. In the NoName case, the maximum is five years for a separate conspiracy charge.

****Governments in Conflict While Cybercriminals Move in Quiet Accord****

The arrest shows how cybercriminal networks exploit geopolitical conflict. While Russian and Ukrainian forces clash on traditional battlefields, hackers affiliated with adversarial states continue to work across borders.

This is not an isolated incident. In July 2025, the suspected administrator of XSS.IS, a major Russian-language cybercrime forum long believed by the cybersecurity community and law enforcement to have ties to Russian intelligence, was arrested in Ukraine during a joint operation involving French police and Europol.

Earlier, in 2024, Ukrainian authorities detained a cryptor-developer suspected of aiding notorious ransomware groups Conti and LockBit by building tools that helped their malware evade antivirus detection.