The Ukrainian Woman Who Sabotaged Children's Water Parks and Critical Infrastructure for Russia

Victoria Dubranova faces life in prison for 99 documented cyberattacks spanning from swimming pools to public water systems

In what reads like a script from a techno-thriller, Victoria Eduardovna Dubranova, a 20-something Ukrainian woman known online as "Vika" and "Sovasonya," stands accused of orchestrating some of the most brazen cyberattacks against Western critical infrastructure in recent years. Her indictment, filed in the U.S. District Court for the Central District of California, details an astonishing 99 offensive cybersecurity operations—ranging from tampering with children's swimming pools to poisoning public water systems.

The 38-page indictment reveals a chilling pattern: Dubranova, a Ukrainian citizen, allegedly worked alongside Russian state-sponsored hackers, including suspected GRU (Russian military intelligence) and FSB (Federal Security Service) operatives, to carry out cyberattacks that threatened public health and safety across multiple countries.

From Video Editor to International Cyber Criminal

According to court documents, Dubranova wasn't the technical mastermind behind the hacks—her role was arguably more insidious. She served as the propaganda arm of "CyberArmyofRussia_Reborn" (CARR), a hacktivist group with over 75,000 Telegram followers. Her responsibilities included:

• Creating promotional videos documenting cyberattacks
• Managing CARR's social media presence across Telegram, Twitter, Instagram, and YouTube
• Coordinating fundraising for DDoS-for-hire services
• Running disinformation campaigns to amplify the group's notoriety

But federal prosecutors argue that her "aiding and abetting" made her equally culpable for the physical damage and public safety threats caused by her co-conspirators' intrusions into critical infrastructure systems.

The Attacks: From Petty to Potentially Deadly

The indictment documents attacks spanning from November 2022 through late 2024, targeting victims across the United States, Europe, and elsewhere. Some highlights (or lowlights) include:

Children's Water Park, Netherlands (November 2024)

CARR members compromised a children's water park, tampering with temperature controls and deliberately modifying chlorination levels—creating potentially dangerous conditions for young swimmers.

Public Water Systems, United States

• Texas (January 2024): Hackers tampered with water storage tank setpoints and triggered 22 wells, causing drinking water to overflow
• Texas (again, August 2024): Another attack altered pump setpoints and shut down systems, resulting in approximately 200,000 gallons of lost water
• Indiana (September 2024): All pumps at a public water system were activated, with settings tampered

Oil and Gas Facilities

• Colorado (October 2024): Chemical supplies depleted by increasing injection rates into oil wells. Dubranova allegedly instructed a co-conspirator to "raise a temperature and disarm alarm settings" so "the probability of a real accident will be higher"
• Oklahoma (August 2024): An oil facility was compromised with unknown damage

Landfill Water Treatment, Pennsylvania (July 2024)

Pumps were tampered with, and parasitic acid contamination levels were manipulated at a water treatment installation.

The Meat Packing Plant Attack

In perhaps the most documented attack, on November 1, 2024, CARR compromised a meat packing facility in Vernon, California. They shut off refrigeration, spoiled over 2,000 pounds of meat, triggered an ammonia leak requiring a four-hour evacuation, and caused over $5,000 in damages. Dubranova created a promotional video within 40 minutes of receiving footage from the attacker, claiming credit for destroying "tons of finished meat products."

And... A Florida Car Wash

Yes, among the 99 operations, CARR somehow found time to hack a car wash in Florida, tampering with the position of washing components. The pettiness is almost comedic—imagine being a small business owner charging $6 per wash, only to be informed by federal authorities that the Russian Federation targeted your operation.

The DDoS Campaign and Election Interference

Beyond SCADA intrusions, CARR conducted extensive Distributed Denial of Service (DDoS) attacks:

• 2022 U.S. Midterm Elections: A Secretary of State website was knocked offline for approximately 10 hours on election day
• 2024 U.S. Elections: Dubranova created a video describing CARR's planned campaign of DDoS attacks against U.S. election-related websites
• Hundreds of other DDoS attacks against government agencies, airports, universities, and infrastructure across the U.S., Ukraine, Moldova, Taiwan, Poland, Finland, and other countries

The group used both their custom "Killweb" DDoS script and paid subscriptions to DDoS-for-hire services like Stresser.tech, funded partially by defendant "Cyber_Ice_Killer," believed to be a GRU officer.

The Conspiracy and Russian State Connections

The indictment names multiple co-conspirators (many with redacted identities), but makes clear that:

• "Cyber_Ice_Killer" (defendant "CYBER_ICE") was associated with at least one GRU officer
• Another co-conspirator was believed by the group to work for Russia's FSB
• CYBER_ICE provided funding for CARR's operations and instructed other members on target selection
• The group explicitly aligned itself with Russian geopolitical interests, targeting "all countries unfriendly to the Russian Federation"

In private messages, co-conspirators referred to CYBER_ICE as "Commander" and described him as a Russian government operative. One defendant was even described by colleagues as an "FSB Captain."

The Failed Escape to Russia

According to reports from the Donetsk People's Republic, in November 2024, Dubranova attempted to flee Ukraine via bus toward Poland, with plans to ultimately reach Russia. She allegedly went AWOL and was likely captured by Ukrainian authorities—though her current whereabouts remain unclear.

This detail adds a darkly ironic twist: a Ukrainian citizen, working for Russian intelligence, trying to defect to Russia during an active war between the two countries.

The Charges: 30 Years to Life

Dubranova faces five federal counts:

1. Conspiracy (18 U.S.C. § 371)
2. Unauthorized Damage to a Protected Computer (18 U.S.C. § 1030)
3. Access Device Fraud (18 U.S.C. § 1029)
4. Aggravated Identity Theft (18 U.S.C. § 1028A)
5. Criminal Forfeiture provisions

If convicted on all counts, she's looking at decades in federal prison—potentially life.

The indictment also seeks forfeiture of any property derived from the offenses, including substitute assets if the original criminal proceeds can't be located.

The Bigger Picture: Hybrid Warfare and Critical Infrastructure

While Dubranova's case has elements of dark comedy (that car wash!), it represents a deadly serious evolution in state-sponsored cyber operations. Russia has increasingly employed "hacktivists" and criminal groups as proxies, providing them with resources, targets, and protection while maintaining plausible deniability.

The attacks on water systems are particularly alarming. As cybersecurity experts have warned for years, ICS/SCADA systems controlling critical infrastructure often lack basic security protections. The fact that a loosely organized group with a propaganda-focused Ukrainian woman could compromise multiple water systems across the United States should concern every critical infrastructure operator and policymaker.

Dubranova's case also highlights how modern cyber warfare blurs the lines between nation-states and non-state actors, between military operations and criminal enterprises, and between information warfare and physical sabotage.

What Happens Next?

With the indictment unsealed in January 2025 and filed in California's Central District Court, the question remains: where is Victoria Dubranova? If Ukrainian authorities have her in custody, will they extradite her to the United States? Or will this become another case where indicted foreign hackers remain beyond the reach of U.S. law enforcement?

For now, the 38-page indictment stands as a detailed case study of how a small group of determined actors—with state backing—can threaten critical infrastructure across multiple countries. And how a young Ukrainian woman went from video editing to facing life in an American federal prison for poisoning water systems and spoiling meat.

She's cooked. It's game over.

The full indictment is available through the U.S. District Court for the Central District of California (Case No. 2:25-cr-00577-FMO). Additional defendants remain at large, with several identities redacted in public court documents.