Spanish police have arrested three individuals allegedly linked to a pro-Russian hacking collective known as NoName057(16) targeting Spain and other NATO countries that have supported Ukraine in its fight against the Russian invasion.

The arrests took place in Mallorca, Huelva, and Seville. The three were detained on suspicion of participating in denial-of-service (DDoS) attacks aiming to disrupt web pages of public and private organizations in the government sectors, critical infrastructures and essential services. The group has used a custom DDoS service named “DDoSia” to conduct the attacks.

The police didn’t name the arrested individuals, nor it said whether they were charged. The investigation is ongoing.

In the meantime, the US authorities sanctioned Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their involvement in cyber operations against US critical infrastructure.

Pankratova leads CARR and acts as its spokesperson, while Degtyarenko, known online as Dena, is a primary hacker. Since 2022, CARR has carried out low-impact DDoS attacks in Ukraine and against entities supporting Ukraine. In late 2023, CARR claimed attacks on industrial control systems of critical infrastructure in the US and Europe, targeting water supply, hydroelectric, wastewater, and energy facilities using unsophisticated techniques.

Degtyarenko was responsible for compromising the SCADA system of a US energy company and, in May 2024, developed training materials on SCADA system compromise, potentially for distribution to other groups.