People’s Cyber Army of Russia – Threat Actor

January 30, 2025

People’s Cyber Army of Russia

Other Names

Cyber Army of Russia
Cyber Army of Russia Reborn

CARR

Location

Russia

Date of initial activity

2022

Suspected Attribution 

Hacktivists

Motivation

Hacktivism

Software

Website

Networks

Overview

The People’s Cyber Army of Russia (PCAR), also known as the Cyber Army of Russia Reborn (CARR), is a pro-Russian hacktivist group that has gained notoriety for orchestrating disruptive cyber campaigns across geopolitical adversaries. Emerging in March 2022 in the wake of Russia’s invasion of Ukraine, PCAR has positioned itself as a prominent player in Russia’s cyber ecosystem, executing large-scale Distributed Denial of Service (DDoS) attacks and targeting critical infrastructure worldwide. The group is closely affiliated with Russia’s military intelligence service, specifically the GRU-linked Sandworm group, amplifying its operational capabilities and strategic reach. Its activities demonstrate a blend of patriotism, state-sponsored motivations, and cybercriminal expertise, making it a formidable cyber actor.

PCAR primarily focuses on targeting Ukraine and its allies, including the United States and European nations, with an emphasis on critical infrastructure sectors. Their attacks have extended beyond conventional DDoS campaigns, including compromises of Supervisory Control and Data Acquisition (SCADA) systems—essential for managing industrial processes—affecting water utilities and energy infrastructure in the United States, Poland, and France. These attacks highlight the group’s ability to disrupt essential services, creating both operational challenges and public safety concerns for targeted organizations. The group’s recent inclusion in sanctions imposed by the U.S. State Department underscores the severity of its operations and the growing threat it poses to international cybersecurity.

Common targets

  • Information
  • Public Administration
  • Retail Trade
  • France
  • Ukraine
  • Estonia
  • Georgia
  • Azerbaijan

Attack Vectors

Web Browsing

Software Vulnerabilities

How they operate

PCAR’s technical operations are largely centered on the execution of large-scale DDoS attacks. These attacks aim to overwhelm servers and networks by flooding them with illegitimate traffic, rendering websites and services inaccessible. The group frequently utilizes a distributed botnet infrastructure, often leveraging compromised IoT devices and servers. By employing tools like HTTP flooders, UDP amplifiers, and Layer 7 DDoS methods, PCAR can bypass basic mitigation measures and sustain prolonged outages. For example, during the #FreeDurov campaign, the group coordinated attacks across multiple targets in France, overwhelming services such as government websites, educational platforms, and private sector entities. These attacks are often accompanied by public disclosures on PCAR’s Telegram channels, amplifying their impact by showcasing technical success and fueling psychological disruption.

In addition to DDoS campaigns, PCAR demonstrates the ability to target SCADA systems—critical for managing industrial operations such as water utilities, power grids, and transportation networks. Leveraging vulnerabilities in outdated systems and exploiting weak access controls, PCAR has successfully compromised industrial control systems in the United States, Poland, and France. These attacks indicate a deep understanding of SCADA protocols, as well as the ability to manipulate and disrupt operational technology (OT) environments. Targeting critical infrastructure requires a higher level of technical expertise, highlighting the group’s capabilities and potential access to state-sponsored tools or intelligence.

The group’s operational success is further enhanced through coordination with other pro-Russian threat actors and the use of encrypted communication platforms like Telegram. PCAR often collaborates with groups such as CyberDragon and UserSec, amplifying attack power and expanding its reach across various sectors. Telegram serves as a key operational hub, where PCAR publishes attack announcements, shares target lists, and disseminates propaganda to its followers. These public-facing activities allow the group to maintain a perception of power while encouraging crowd-sourced contributions, such as individual participants joining DDoS campaigns using open-source tools or scripts shared within the group’s ecosystem.

PCAR also utilizes hack-and-leak operations as part of its technical playbook. In these operations, compromised databases are exfiltrated and selectively leaked to inflict reputational damage and cause operational disruptions. For example, the group has claimed responsibility for leaking sensitive data from government websites, showcasing their technical ability to exploit web application vulnerabilities, execute SQL injection attacks, and escalate privileges within targeted systems. These leaks are often accompanied by messaging that aligns with Russian geopolitical narratives, highlighting PCAR’s dual role as a disruptive hacktivist group and an influence operation tool.

In conclusion, the People’s Cyber Army of Russia operates on a technically advanced level, combining DDoS attacks, SCADA system compromises, hack-and-leak operations, and strategic collaborations with other threat actors. By leveraging advanced tools, vulnerabilities, and public platforms for coordination, PCAR is able to conduct large-scale, impactful cyber campaigns. Their alignment with state-sponsored actors and focus on critical infrastructure further distinguishes them from traditional hacktivist groups, cementing their role as a formidable force in the evolving landscape of cyber conflict.
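
The point above that a distributed botnet running Layer 7 floods can bypass basic mitigation measures is visible from the defender's side in web access logs: a per-client rate limit catches one noisy address but misses a few hundred bots that each stay under it, while a per-path baseline catches the flood. This is an added example, not part of the original profile; the log records, the addresses (documentation ranges), the thresholds and the function names are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample():
    """Constructed (epoch_second, client_ip, path) records; not real traffic."""
    events = []
    for t in range(80):                    # steady users: 30 requests per 10 s
        for k in range(3):
            events.append((t, f"192.0.2.{(3 * t + k) % 10 + 1}", "/search"))
    for i in range(50):                    # one noisy client, window 4 only
        events.append((40 + i % 10, "198.51.100.9", "/search"))
    for t in range(60, 80, 2):             # 200 bots, 5 requests each per window
        for b in range(1, 201):
            events.append((t, f"203.0.113.{b}", "/search"))
    return events

def detect(events, window=10, per_ip_limit=20, factor=5.0, min_history=3):
    """Return (noisy_ips, floods) using a per-IP limit and a per-path baseline."""
    per_ip = defaultdict(Counter)          # window index -> requests per client
    per_path = defaultdict(Counter)        # window index -> requests per path
    clients = defaultdict(set)             # (window, path) -> distinct clients
    for ts, ip, path in events:
        w = ts // window
        per_ip[w][ip] += 1
        per_path[w][path] += 1
        clients[(w, path)].add(ip)

    noisy_ips, floods = [], []
    history = defaultdict(list)            # path -> totals of normal windows
    for w in sorted(per_path):
        noisy_ips += [(w, ip, n) for ip, n in sorted(per_ip[w].items())
                      if n > per_ip_limit]
        for path, total in sorted(per_path[w].items()):
            base = history[path]
            if len(base) >= min_history and total > factor * median(base):
                floods.append((w, path, total, len(clients[(w, path)])))
            else:
                base.append(total)         # flagged windows never join baseline
    return noisy_ips, floods

if __name__ == "__main__":
    noisy, floods = detect(build_sample())
    print("per-IP rule:", noisy)
    print("per-path baseline rule:", floods)
```

Flagged windows are kept out of the baseline so that a prolonged flood cannot become the new normal; the distinct-client count in each flood record separates a distributed flood from a single heavy client.
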
References:
  • Hacktivists Call for Release of Telegram Founder with #FreeDurov DDoS Campaign
  • Hacktivist Group: People’s Cyber Army