The Department of Treasury sanctioned two members of a Russian nationalist hacktivist group on July 19 over an incident in January that led to the overflow of water storage tanks in Texas.
Leader Yuliya Vladimirovna Pankratova and primary hacker Denis Olegovich Degtyarenko are members of the Cyber Army of Russia Reborn (CARR), a group known for “various unsophisticated techniques” against critical infrastructure in the United States and Europe, according to the Treasury Department.
CARR claimed responsibility for the attack after posting a five-minute video in January on Telegram, a cloud-based instant messaging app, that allegedly depicted the hack.
Muleshoe and Abernathy, Texas, were hit by the attack, which resulted in tens of thousands of gallons of water overflowing.
“CARR and its members’ efforts to target our critical infrastructure represent an unacceptable threat to our citizens and our communities, with potentially dangerous consequences,” Brain E. Nelson, the Treasury Department’s under secretary for terrorism and financial intelligence, said in a press release.
“The United States has and will continue to take action, using our full range of tools, to hold accountable these and other individuals for their malicious cyber activities,” he said.
CARR additionally compromised the supervisory control and data acquisition (SCADA) system of a U.S. energy company that gave them control over the tanks’ alarms and pumps. The Treasury said that no “instances of major damage to victims” have occurred.
The hacktivist group may be linked to the Russian Main Intelligence Directorate military unit known as “Sandworm,” which has been responsible for operations against Ukraine for the past decade and the disruption of the 2018 Winter Olympics, according to Google-owned Mandiant researchers.
The Biden administration has recently sanctioned other cyber criminals including members of the Russian LockBit ransomware group, which has attacked over 2,500 victims worldwide and extorted more than $500 million in ransom. The Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command’s CyberAv3ngers was also sanctioned in November.