- Key insight: The suspect allegedly supported "Project DDoSia," a crowdsourced, gamified botnet that pays volunteers in cryptocurrency to overwhelm target networks.
- Supporting data: Financial firms accounted for 34% of all network- and transport-layer DDoS attacks globally over a recent 18-month period, making it the most targeted sector.
- Expert quote: "Politically-motivated hacktivist groups ... pose a serious threat to our national security," said Bill Essayli, first assistant U.S. attorney.
Overview bullets generated by AI with editorial review
The Department of Justice on Tuesday unsealed two indictments charging a Ukrainian national with playing a central role in Russian state-sponsored cyber operations, a move that highlights the escalating distributed denial-of-service, or DDoS, threat facing U.S. financial institutions.
Victoria Eduardovna Dubranova, 33, was arraigned Tuesday in California on charges related to her involvement with two notorious hacktivist groups: Cyber Army of Russia Reborn, or CARR, and NoName057(16), according to
The indictment focuses on attacks on U.S. water systems, but CARR and NoName have aggressively targeted the financial services sector, as well. The indictments come as cybersecurity experts warn that banks remain the primary target for these politically motivated disruptions.
Financial services firms accounted for 34% of all network- and transport-layer DDoS attacks globally over a recent 18-month period, and the sector was the most frequently targeted industry for the second consecutive year, according to a September report from Akamai Technologies.
"Politically-motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security," said Bill Essayli, first assistant U.S. attorney. He also said these groups often use civilians to obfuscate malicious activity targeting American interests.
Dubranova has pleaded not guilty to all charges against her. She is scheduled to face trial for the NoName-related charges on Feb. 3 and for the CARR-related charges on April 7.
If convicted, she faces a statutory maximum penalty of 27 years in federal prison for the CARR indictment and five years for the NoName indictment.
The DDoSia project and banking targets
The Department of Justice accused Dubranova of supporting NoName, a group known for running Project DDoSia, a crowdsourced botnet used to overwhelm victim networks.
NoName describes itself as a "covert project" administered by an information technology organization established by the president of Russia, according to one of the indictments against Dubranova. Though not specifically named in the indictment, this president is Vladimir Putin.
NoName recruits volunteers globally to download the DDoSia tool, using their computers to launch attacks against targets selected by the group's leaders.
For U.S. banks, NoName and Project DDoSia present the threat of bringing high traffic volumes generated by botnets that can cripple target networks.
The group publishes a daily leaderboard of its top attackers and pays them in cryptocurrency, creating a gamified and decentralized attack infrastructure.
Specific risks to U.S. institutions
Federal agencies warn that these groups are moving beyond simple website disruptions to targeting industrial control systems environments, also known as operational technology, according to a joint advisory issued Tuesday by the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency.
The advisory warns that groups such as CARR and NoName scan for minimally secured, internet-facing connections known as virtual network computing, or VNC.
While often associated with industrial sectors, VNC protocols are also used in the physical security and building management systems of large financial institutions.
Pro-Russia hacktivist groups conduct "less sophisticated, lower-impact attacks against critical infrastructure entities" compared to more advanced threat groups, according to the advisory. These hacktivist groups tend to exploit widespread software vulnerabilities to cause varying degrees of impact, including physical damage.
The agencies recommend that organizations mitigate these risks by ensuring VNC instances are not exposed to the public internet, mandating multifactor authentication for all remote access points, and implementing account lockouts that prevent automated attacks from guessing VNC passwords.
International fallout
While the indictments against Dubranova focus on impacts to U.S. infrastructure, the groups she allegedly supported have a track record of disrupting European banking operations.
In early 2023, NoName claimed responsibility for DDoS attacks that briefly restricted access to the websites of several Danish banks, including Jyske Bank and Sydbank, according to a report from Reuters.
More recently, the group targeted the Italian banking sector. In February 2025, it launched attacks against the websites of Intesa Sanpaolo, Banca Monte dei Paschi and others. The group cited geopolitical grievances as the reason for the attacks, according to Italy's cybersecurity agency.
The group has also claimed responsibility for attacks against financial institutions in Ukraine, Poland and Baltic states.
