Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty.
Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group
The US Justice Department has indicted Ukrainian national Victoria Eduardovna Dubranova, 33, also known as “Vika,” a.k.a. “Tory,” a.k.a. “SovaSonya,” for her alleged role in a series of cyberattacks aimed at disrupting critical infrastructure around the world.
According to court documents, her work supported two well-known Russian-aligned hacking groups, NoName057(16) and CyberArmyofRussia_Reborn (CARR), also known as Z-Pentest, both believed to have backing from Russian state entities.
Dubranova was extradited to the United States earlier this year and now faces charges in two separate cases. One involves her alleged involvement with CARR, while the second ties her to NoName, another politically motivated group targeting Western countries. She pleaded not guilty to both indictments and is set to face trial in 2026.
In July 2025, police dismantled over 100 servers linked to NoName057(16) and arrested two individuals in coordinated operations across France and Spain. While those arrests targeted the same group Dubranova is accused of supporting, her extradition details remain undisclosed, and there is no public confirmation connecting her to those arrests.
Dubranova was extradited to the United States earlier this year and now faces charges in two separate cases. One involves her alleged involvement with CARR, while the second ties her to NoName, another politically motivated group targeting Western countries. She pleaded not guilty to both indictments and is set to face trial in 2026.
In July 2025, police dismantled over 100 servers linked to NoName057(16) and arrested two individuals in coordinated operations across France and Spain. While those arrests targeted the same group Dubranova is accused of supporting, her extradition details remain undisclosed, and there is no public confirmation connecting her to those arrests.
The Justice Department says these weren’t random cyberattacks or financially motivated ransomware campaigns. These were focused efforts designed to disrupt water systems, food supply chains, and public services.
CARR, for example, took responsibility for hacking drinking water systems in multiple U.S. states, causing major spills and system failures. The group also claimed attacks on a meat processing facility in Los Angeles, spoiling thousands of pounds of food and triggering an ammonia leak.
NoName, on the other hand, leaned heavily on its custom DDoS tool called “DDoSia” to knock government websites offline. The group recruited volunteers globally to launch these attacks, offering cryptocurrency rewards and leaderboard rankings to incentivise participation. It ran through an infrastructure built by a Russian state-sponsored IT group known as CISM, which had been operating under a 2018 order from the Russian president.
According to the DoJ’s press release, both groups received guidance and support from Russian government bodies. The CARR indictment references a GRU (Glavnoye Razvedyvatelnoye Upravleniye, Russia’s primary military intelligence agency) officer who provided direction on attack targets and paid for access to cybercriminal services. US authorities say that at times, CARR had over 100 members, including minors, and an online following in the tens of thousands.
