The House Energy and Commerce committee unanimously passed a package of bipartisan cybersecurity bills Thursday targeting the energy sector, including legislation that would reauthorize and fund a critical federal cybersecurity assistance program for rural electric utilities across the country.

The Rural and Municipal Utility Cybersecurity Act, introduced by Reps. Mariannette Miller-Meeks, R-Iowa, and Jennifer McClellan, D-Va., reauthorizes the Rural and Municipal Utility Advanced Cybersecurity program at the Department of Energy, which funnels hundreds of millions of dollars in federal grants and technical assistance every year to help rural utilities and cooperatives defend against cyberattacks and other threats.

The program was created through the 2022 Infrastructure Investment and Jobs Act and is widely viewed in the energy sector as a cybersecurity lifeline for badly underfunded electric utilities that would otherwise be a weak link in the nation’s energy cybersecurity or reliability.

Smaller utilities play a crucial role supporting the nation’s energy grids, but many lack sophisticated IT or cybersecurity operations. Industry officials say it’s not uncommon for some entities to have one or two IT or cybersecurity officials, if that. The bill approves $250 million in additional grant funding for the program over the next five years, part of which would go to implementing more modern cybersecurity technologies and enhancing information sharing.  

Speaking ahead of the vote, Miller-Meeks said her Iowa district’s electric cooperative must serve rate payers across 20 different counties and faces “the same threats as metropolitan systems but with fewer resources.”

“At a time when cybersecurity attacks on our critical infrastructure are escalating and we have not yet authorized an appropriations bill for DHS, small and rural utilities need resources to defend against nation state actors and sophisticated threats,” she said.

Ranking member Frank Pallone, D-N.J., leveled his own criticism, claiming that the reauthorization was “held up for countless months due to senseless delays” by Energy officials.

Another bill, the Energy Emergency Leadership Act, would move responsibility for the cybersecurity functions of the Office of Cybersecurity, Energy Security and Emergency Response under a single, Senate-confirmed assistant secretary.

The bill’s chief sponsor, Rep. Laurel Lee, R-Fla., directly cited reports of ongoing threats to the nation’s energy sector from Chinese state-sponsored hackers as a driver of the legislation.

“At the same time our electric grid faces an increasingly complex threat landscape, state sponsored threats like Volt Typhoon have actively targeted U.S. critical infrastructure, including our electric grid,” said Lee. “These are real and ongoing threats from foreign adversaries seeking to undermine our national security and economic stability.”

The committee also passed bills that require states to include cybersecurity in their energy plans, clarify the Secretary of Energy’s role promoting and coordinating cybersecurity of the nation’s oil and natural gas pipelines, and codify a pilot Energy Threat Analysis Center.

The post Congress looks to revive critical cyber program for rural electric utilities appeared first on CyberScoop.

The Justice Department has charged a Ukrainian national with conducting cyberattacks on critical infrastructure worldwide as part of two Russian state-sponsored hacking operations that targeted water systems, food processing facilities and government networks across the United States and allied nations.

Victoria Eduardovna Dubranova, 33, was arraigned on a second indictment Tuesday after being extradited to the U.S. earlier this year. She faces charges related to her alleged work with CyberArmyofRussia_Reborn, known as CARR, and NoName057(16), two groups federal prosecutors say received backing from Moscow to advance Russian geopolitical interests. 

Dubranova pleaded not guilty in both cases.

The indictments describe operations that evolved from distributed denial of service attacks to more destructive intrusions into industrial control systems. CARR, according to prosecutors, was founded and funded by Russia’s Main Directorate of the General Staff of the Armed Forces, known as the GRU. NoName057(16) emerged from the Center for the Study and Network Monitoring of the Youth Environment, an information technology organization established by presidential order in Russia in October 2018.

Brett Leatherman, the FBI’s assistant director in its cyber division, said the charges against Dubranova are the first time the U.S. has charged someone under the law designed to protect water systems.

“Let me emphasize, the FBI doesn’t just track cyber adversaries. We call them out and bring them to justice,” Leatherman said on a press call Wednesday. “That’s what today demonstrates.”

Both groups claimed credit for hundreds of attacks beginning in 2022, following the escalation of the Russia-Ukraine conflict. CARR maintained a Telegram channel with more than 75,000 followers and at times had over 100 members, including juveniles, according to the indictment. The group received financial support from a figure using the moniker “Cyber_1ce_Killer,” which federal authorities associate with at least one GRU officer.

The attacks attributed to CARR resulted in tangible damage to U.S. infrastructure. Public drinking water systems in several states experienced damage to control systems that caused hundreds of thousands of gallons of water to spill. In November 2024, an attack on a meat processing facility in Los Angeles spoiled thousands of pounds of meat and triggered an ammonia leak that forced an evacuation. The group also targeted U.S. election infrastructure and websites for nuclear regulatory entities.

NoName057(16) operated differently, developing proprietary software called DDoSia that recruited volunteers worldwide to participate in attacks. The group published daily leaderboards on Telegram ranking participants and paid top volunteers in cryptocurrency. Between March 2022 and June 2025, the group conducted more than 1,500 attacks on government agencies, financial institutions, railways and ports in Ukraine and NATO countries including Estonia, Finland, Lithuania, Norway, Poland and Sweden.

The group targeted Dutch infrastructure during the June 2025 NATO Summit in The Hague. Volunteers who downloaded DDoSia were required to read a manifesto describing pro-Russian geopolitical motivations before participating in attacks on targets selected by administrators.

Federal investigators from multiple agencies, including the FBI, CISA, NSA, Department of Energy and EPA, issued a joint advisory warning that pro-Russia hacktivist groups target minimally secured internet-facing connections to infiltrate operational technology control devices. The EPA emphasized the threat to public water systems, noting the defendant’s actions put communities and drinking water resources at risk.

Chris Butera, CISA’s acting deputy executive assistant director for cybersecurity, said Wednesday that organizations responsible for operating critical infrastructure should understand these groups are “actively engaging in opportunistic, low sophistication, malicious cyber activity across multiple sectors to gain notoriety and create mayhem.”

“The single most important thing people can do to protect themselves is to reduce the number of operational technology devices exposed to the public-facing internet,” Butera said. 

Dubranova faces one count of conspiracy to damage protected computers in the NoName case, carrying a maximum five-year sentence. The CARR indictment charges her with conspiracy to damage protected computers and tamper with public water systems, damaging protected computers, access device fraud and aggravated identity theft. If convicted on all CARR charges, she faces up to 27 years in federal prison.

The State Department announced rewards of up to $2 million for information on individuals associated with CARR and up to $10 million for information related to NoName057(16). Two CARR members, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, were previously sanctioned by the Treasury Department in July 2024. Pankratova allegedly served as administrator of CARR, while Degtyarenko is described as a primary hacker who accessed a U.S. energy company’s supervisory control and data acquisition system.

The investigations are part of Operation Red Circus, an FBI initiative to disrupt Russian state-sponsored cyber threats to U.S. critical infrastructure. By late 2024, prosecutors say CARR administrators grew dissatisfied with GRU support and created a new group called Z-Pentest that employs similar tactics.

Trials are scheduled for Feb. 3, 2026, in the NoName matter and April 7, 2026, in the CARR case.

The post US charges hacker tied to Russian groups that targeted water systems and meat plants appeared first on CyberScoop.