On July 19, 2024, the U.S. Department of the Treasury announced the designation of two members of the Cyber Army of Russia Reborn (“CARR”), a Russian hacktivist group, for their involvement in cyber-attacks against U.S. critical infrastructure. The United States released the identities of CARR’s leader Yuliya Vladimirovna Pankratova and its primary hacker Denis Olegovich Degtyarenko and sanctioned the two for their roles in multiple cyber-attacks against U.S. companies, including the recent overflow of water storage tanks in Texas and the compromise of the supervisory control and data acquisition (“SCADA”) system of a U.S. energy company and briefly gaining control of its alarms and tank pumps.
The Office of Foreign Assets Control imposed the designations pursuant to Executive Order 13694, as amended, for engaging in cyber-enabled activities originating from outside the United States that threatens U.S. national security, foreign policy or the economic health and stability of the United States. As a result of the designations, all property and interests in property of the designated persons within the United States or within the possession or control of a U.S. person are blocked, and U.S. persons are generally prohibited from engaging in transactions involving a designated person. Entities owned 50 percent or more by one or more blocked persons are also blocked.