CyberArmy of Russia Reborn (CARR) is a pro-Russian hacktivist group active since at least 2022. Reporting in the provided content says it began with low-level attacks in Ukraine after Russia's invasion and has since been linked to multiple attacks targeting critical infrastructure in the United States and Europe. The group has been associated with attacks on water, food-processing, wastewater, hydroelectric, and energy facilities, including attacks on human-machine interfaces and access to the SCADA system of a U.S. energy company that allowed control of alarms and pumps connected to tanks. The content states these attacks created real safety risks. CARR is also described as having been named by the UK's National Cyber Security Centre in warnings about risks to Western critical national infrastructure. U.S. officials said CARR was working with, or receiving instructions from, Russia's GRU, and the content notes CARR has been loosely linked to APT44/Sandworm; Mandiant previously attributed related water and energy sector attacks to Sandworm. Known individuals named in the content include alleged leader Yuliya Vladimirovna Pankratova, alleged primary hacker Denis Olegovich Degtyarenko, and alleged member Victoria Eduardovna Dubranova. The group is mentioned alongside Z-Pentest and NoName057(16), including cases where individuals tied to CARR were also suspected of supporting or coordinating with those pro-Russian hacktivist groups.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Sectors the actor has been observed targeting.
Geographies tied to known operations.
Attributed origin per open-source reporting.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Pro-Russia hacktivist group linked to attacks on critical national infrastructure, including water and energy facilities, and described as conducting opportunistic attacks against critical infrastructure. The article says US officials stated CARR was working with, or receiving instructions from, Russian military intelligence.
Pro-Russian hacktivist group linked to attacks on critical infrastructure in the U.S. and Europe, including water and food-processing facilities and SCADA systems of an American energy firm.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.