3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Degtyarenko

Degtyarenko

ID: bc0dc0b7ded7bd81aef1307a1d7350af78029
Cybercrime Cyber Espionage Cybercriminal State-Sponsored
Threat types: Intrusion, Cyber Espionage, DDoS Ops
Russia UKR, USA
Updated: 2026-01-13
Created: 2025-10-23
Progress: 57% Completeness: 60% Freshness: 50%
Operation zone: Ukraine, United States
Aliases Limited alias preview
Dena Denis Olegovich Degtyarenko Де***********************
Showing 2 of 3 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: high
Actor Techniques page ATT&CK® Diagram

Denis Olegovich Degtyarenko (“Dena”) is the primary hacker of the pro-Russia hacktivist group Cyber Army of Russia Reborn (aka People’s Cyber Army). Sanctioned on 2024-07-19, he is linked by OFAC to DDoS operations and to manipulation of HMI/SCADA at U.S./European critical infrastructure, including a U.S. energy SCADA compromise.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2022-12-31 — OFAC states CARR conducted unsophisticated DDoS since 2022 against Ukraine and governments/companies supporting Ukraine. · ref
T0831 Manipulation of Control TA0105
  • 2024-01-18 — OFAC describes HMI/SCADA manipulations at water/energy sites (e.g., Texas tank level overflows) claimed by CARR. · ref
T0858 Change Operating Mode TA0103 TA0104
  • 2024-01-18 — Change of controller/HMI operating states is relevant to the manipulation described; included as contextual ICS technique. · ref
Strategic Intelligence
Limited preview
Last updated: 2025-10-23T23:03:37+00:00
DENIS OLEGOVICH DEGTYARENKO — Primary hacker for People’s Cyber Army / CARR; ICS-targeting claims and DDoS ops

CLASSIFICATION: Unclassified / Open Source


Executive Summary

Denis Olegovich Degtyarenko (DOB 1989-10-09), also known online as “Dena,” is publicly identified by the U.S. Department of the Treasury (OFAC) as the primary hacker of the pro-Russia hacktivist group Cyber Army of Russia Reborn (CARR), also called Cyber Army of Russia and widely referred to in Russian as “Narodnaya CyberArmiya” / People’s Cyber Army. On 2024-07-19, OFAC sanctioned Degtyarenko and CARR’s leader Yuliya Vladimirovna Pankratova, citing activity against U.S. and European critical infrastructure, including DDoS and manipulations of industrial control systems (ICS) at water, hydroelectric, wastewater, and energy facilities. OFAC states Degtyarenko was “behind the compromise of the SCADA system of a U.S. energy company” and in early May 2024 developed training materials for compromising SCADA, potentially to share with external groups. Overall confidence in these core facts: high.


  • Industries/Sectors: Water and wastewater; Hydroelectric; Energy (including electric utilities); broader critical infrastructure.
  • Geography (Region): United States and Europe (claims and incidents noted by OFAC); wider focus aligned with pro-Russia operations since 2022.
  • Countries (if available): United States; multiple European countries (per OFAC summary).
  • Timeframe: 2022–2025 (group activity since 2022; sanctions 2024-07-19; continued open-source coverage through 2025).
Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Empty Limited preview
No content yet.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.