Treasury sanctions Russian hackers that breached US water utilities | CyberScoop<\/title> <meta name=\"description\" content=\"The Russian hacktivists have been linked to the state-backed Sandworm group.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/treasury-sanctions-russia-hacktivist-water\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Treasury sanctions Russian hackers that breached US water utilities\"> <meta property=\"og:description\" content=\"The Russian hacktivists have been linked to the state-backed Sandworm group.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/treasury-sanctions-russia-hacktivist-water\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-07-19T20:16:42+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1721147539g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1721117550g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1721183474g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81096\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81096\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftreasury-sanctions-russia-hacktivist-water%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftreasury-sanctions-russia-hacktivist-water%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81096 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/treasury-sanctions-russia-hacktivist-water\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"23.81308411215\">\n<div class=\"single-article__header-content\" readability=\"27.452631578947\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/government\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> The Russian hacktivists have been linked to the state-backed Sandworm group. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The Russian flag flies at the embassy’s compound in Washington, DC, on April 15, 2021. (Photo by MANDEL NGAN\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"34.469611125418\"><body readability=\"69.536421992744\"><\/p>\n<p>The leaders of a Russian nationalist hacktivist group were sanctioned by the U.S. Treasury Department on Friday over a January incident that caused overflowing water storage tanks in multiple counties in Texas.<\/p>\n<p>Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko are the leader and \u201cprimary hacker,\u201d respectively, of the Cyber Army of Russia Reborn (CARR), <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2473\">according<\/a> to the Treasury Department. The hacktivist group is known for exaggerated claims and unsophisticated cyberattacks against critical infrastructure in the U.S. and Europe, but they have been linked to the Russian Main Intelligence Directorate military unit dubbed by Mandiant as \u201cSandworm,\u201d which is best known for successfully hacking into Ukraine\u2019s grid and the hack on the 2018 Winter Olympics.<\/p>\n<p>Brian Nelson, under secretary of the treasury for terrorism and financial intelligence, said in a statement that the targeting of U.S. critical infrastructure by CARR and its members represents \u201can unacceptable threat to our citizens and our communities, with potentially dangerous consequences.\u201d <\/p>\n<p>\u201cThe United States has and will continue to take action, using our full range of tools, to hold accountable these and other individuals for their malicious cyber activities,\u201d Nelson added.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>In January, CARR <a href=\"https:\/\/twitter.com\/Cyberknow20\/status\/1748139362104361021\">claimed responsibility<\/a> for manipulating the controls of a water overflow tank in Muleshow, Texas by posting a video on Telegram that supposedly showed the attack occurring. Officials in nearby towns Abernathy and Hale Center also said they were hit. While the attack did not impact services, the relative ease with which the hacktivist group manipulated controls \u2014 ultimately spilling tens of thousands of gallons of water \u2014 still bodes ill for other critical networks that can be accessed online.<\/p>\n<p>However, the group\u2019s links to Sandworm are still unclear. Mandiant noted in <a href=\"https:\/\/cyberscoop.com\/sandworm-apt44-texas-water-facility\/\">an April report<\/a> that the hacktivists may be informing the Russian military unit of their actions or they may be taking directions. A YouTube channel created by the group has been linked to an IP used by Sandworm, according to the cyber firm.<\/p>\n<p>\u201cDespite CARR briefly gaining control of these industrial control systems, instances of major damage to victims have thus far been avoided due to CARR\u2019s lack of technical sophistication,\u201d the Treasury release noted.<\/p>\n<p>The Treasury Department alleges that Pankratova controlled the gang\u2019s actions and acted as a spokesperson. In an <a href=\"https:\/\/www.wired.com\/story\/cyber-army-of-russia-interview\/\">interview with Wired<\/a>, a spokesperson for CARR that called themselves \u201cJulia\u201d boasted of the water overflows as a way to send a message,though it\u2019s not clear if Pankratova is the same individual.<\/p>\n<p>Degtyarenko, who also goes by Dena, according to the announcement, was behind the compromise of another unnamed U.S. energy company, according to the Treasury. The agency also said Dena was known to be developing training materials in May that were intended to compromise SCADA systems, leaving open the possibility to distribute those materials to \u201cexternal groups.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Sanctions have become a common reflex from the Biden administration following hacks on critical infrastructure. The <a href=\"https:\/\/cyberscoop.com\/u-s-government-sanctions-iranian-officials-over-pennsylvania-water-facility-hack\/\">Treasury Department in November sanctioned<\/a> the CyberAv3ngers, a fake hacktivist persona run by the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command, for <a href=\"https:\/\/cyberscoop.com\/pennsylvania-water-facility-hack-iran\/\">defacing several programmable logic controllers<\/a> made by an Israeli manufacturer that were located in water facilities in Pennsylvania. The defacement was part of long-running operations between <a href=\"https:\/\/cyberscoop.com\/hack-and-leak-group-black-shadow-keeps-targeting-israeli-victims\/\">Iran and Israel<\/a> and did not disrupt services.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.6923076923077\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities-1.jpg?w=640&ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out: christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/treasury-sanctions-russia-hacktivist-water\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Treasury sanctions Russian hackers that breached US water utilities |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1464,117,466,439,270,2357,880],"tags":[1465,119,470,443,276,2358,881],"class_list":["post-4561","post","type-post","status-publish","format-standard","hentry","category-cyber-av3ngers","category-government","category-gru","category-policy","category-russia","category-russian-hackers","category-sandworm","tag-cyber-av3ngers","tag-government","tag-gru","tag-policy","tag-russia","tag-russian-hackers","tag-sandworm"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-av3ngers\/\" rel=\"category tag\">Cyber Av3ngers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gru\/\" rel=\"category tag\">GRU<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russian-hackers\/\" rel=\"category tag\">Russian hackers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sandworm\/\" rel=\"category tag\">Sandworm<\/a>","tag_info":"Sandworm","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4561"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4561\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":4561,"date":"2024-07-19T15:16:42","date_gmt":"2024-07-19T20:16:42","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81096"},"modified":"2024-07-19T15:16:42","modified_gmt":"2024-07-19T20:16:42","slug":"treasury-sanctions-russian-hackers-that-breached-us-water-utilities","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/19\/treasury-sanctions-russian-hackers-that-breached-us-water-utilities\/","title":{"rendered":"Treasury sanctions Russian hackers that breached US water utilities"},"content":{"rendered":"