Cyber Army of Russia Reborn / Z-Pentest

About

Rewards for Justice (RFJ) is offering a reward of up to $2 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.

Under this reward offer, RFJ is offering up to $2 million for information on individuals associated with Cyber Army of Russia Reborn (CARR), also known as Z-Pentest. According to industry reporting, the group is linked to the Main Centre for Special Technologies (GTsST) within the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). CARR members have also publicly claimed their connections to the Russian government.

In late 2023, CARR began claiming responsibility for accessing industrial control systems of multiple U.S. and European critical infrastructure targets. Using various techniques, CARR has manipulated unsecured industrial control systems at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe.

In the United States, CARR has claimed responsibility for numerous instances of malicious cyber activity targeting water utilities in Indiana, New Jersey, and Texas. CARR actors caused minor disturbances at one of those facilities and prompted officials in another town to switch its water system to manual operations thereby thwarting the Russian proxy’s attempted access.

In January 2024, CARR actors posted a video to the group’s Telegram claiming credit for tampering with human machine interfaces (HMI) at a U.S. water utility. The video showed a cyber actor manipulating interfaces controlling the utility’s operational technology assets. In November 2024, CARR hacked a meat processing facility in Los Angeles County, spoiling thousands of pounds of meat and triggering an ammonia leak, forcing the evacuation of the facility for several hours.

Yuliya Vladimirovna Pankratova, also known as YUliYA online, is the self-described administrator of CARR. Pankratova directs CARR’s operations and has acted as a spokesperson for the group.

Denis Olegovich Degtyarenko, also known as Dena online, is a primary hacker for CARR. Degtyarenko accessed the supervisory control and data acquisition (SCADA) system of a U.S. energy company. In early May 2024, Degtyarenko compiled basic training materials on how to access SCADA systems and was suspected of seeking to distribute the materials to external groups.

The malicious cyber actor known as “Cyber_1ce_Killer” is a member of CARR. The moniker “Cyber_1ce_Killer” is associated with at least one GRU officer.

Pankratova and Degtyarenko were sanctioned by the U.S. Department of the Treasury in July 2024 for their roles in conducting cyber activities.

Anyone with information on Yuliya Pankratova, Denis Degtyarenko, Cyber Army of Russia Reborn, or associated individuals, activities, or entities, should contact Rewards for Justice via the Tor-based tips-reporting channel at:

he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).

CARR Profile

Associated Telegram Channels: CyberArmyofRussia_Reborn1; Z -Alliance; Z-Pentest