22 July 2024

Spain, the US strike pro-Russian hacktivists for attacks on critical infrastructure


Spain, the US strike pro-Russian hacktivists for attacks on critical infrastructure

Spanish police have arrested three individuals allegedly linked to a pro-Russian hacking collective known as NoName057(16) targeting Spain and other NATO countries that have supported Ukraine in its fight against the Russian invasion.

The arrests took place in Mallorca, Huelva, and Seville. The three were detained on suspicion of participating in denial-of-service (DDoS) attacks aiming to disrupt web pages of public and private organizations in the government sectors, critical infrastructures and essential services. The group has used a custom DDoS service named “DDoSia” to conduct the attacks.

The police didn’t name the arrested individuals, nor it said whether they were charged. The investigation is ongoing.

In the meantime, the US authorities sanctioned Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their involvement in cyber operations against US critical infrastructure.

Pankratova leads CARR and acts as its spokesperson, while Degtyarenko, known online as Dena, is a primary hacker. Since 2022, CARR has carried out low-impact DDoS attacks in Ukraine and against entities supporting Ukraine. In late 2023, CARR claimed attacks on industrial control systems of critical infrastructure in the US and Europe, targeting water supply, hydroelectric, wastewater, and energy facilities using unsophisticated techniques.

Degtyarenko was responsible for compromising the SCADA system of a US energy company and, in May 2024, developed training materials on SCADA system compromise, potentially for distribution to other groups.


Back to the list

Latest Posts

Cisco says decade-old bug in ASA appliances exploited in the wild

Cisco says decade-old bug in ASA appliances exploited in the wild

The activity involving CVE-2014-2120 has been linked to the Mozi botnet.
3 December 2024
North Korea's Kimsuky group employs Russian sender addresses in phishing campaigns

North Korea's Kimsuky group employs Russian sender addresses in phishing campaigns

The objective of the attacks is credential theft, enabling Kimsuky to hijack victim accountsю
3 December 2024
Japanese crypto exchange DMM Bitcoin to shut down following $305M hack

Japanese crypto exchange DMM Bitcoin to shut down following $305M hack

It is believed that the North Korean state-backed threat actor Lazarus Group was behind the hack.
3 December 2024