Bassterlord

Threat Actor updated 2 months ago (2024-08-14T09:39:28.247Z)

Download STIX

Preview STIX

Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, Oregon, and Puerto Rico, as well as targets in Taiwan, Singapore, and Lebanon. Bassterlord, also believed to be the leader of a subgroup within the LockBit operation named the "National Hazard Agency," frequently communicated with other malevolent actors and made references to rejoining the LockBit affiliate program. In February 2024, a significant disruption operation was launched, coinciding with the unsealing of an indictment in the District of New Jersey. The indictment charged Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims across the United States and globally. Victims included businesses in the manufacturing and semiconductor industries among others. This indictment highlighted the international reach of the LockBit group and its affiliates, including Bassterlord. The US government has previously charged other members of the LockBit group, including Artur Sungatov and Ivan Kondratyev (Bassterlord), along with Ruslan Magomedovich Astamirov, Mikhail Matveev (Wazawaka), and Mikhail Vasiliev. These charges underscore the ongoing efforts by authorities to disrupt the activities of the LockBit group and its associates. The case of Bassterlord underscores the complexity of cybercrime and the necessity for continued vigilance and cooperation among international law enforcement agencies.

Description last updated: 2024-08-14T09:10:29.945Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Artur Sungatov is a possible alias for Bassterlord. In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been acti	5
Ivan Kondratyev is a possible alias for Bassterlord. Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside	4

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

XSS (Cross S...

TSMC

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lockbit Malware is associated with Bassterlord. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat	is related to	8
The REvil Malware is associated with Bassterlord. REvil is a notorious malware, specifically a type of ransomware, that gained prominence in the cybercrime world as part of the Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, establishing relationships between first-stage malwares and subsequent ransomware attac	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Vasiliev Threat Actor is associated with Bassterlord. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavl	Unspecified	2

Source Document References

Information about the Bassterlord Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	8 months ago	US charges two Russian nationals in LockBit ransomware case amid global crackdown
Flashpoint	3 months ago	COURT DOC: Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
DARKReading	3 months ago	Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
Securityaffairs	3 months ago	Russian nationals plead guilty to participating in the LockBit ransomware group
Securityaffairs	3 months ago	Russian nationals plead guilty to participating in the LockBit ransomware group
Flashpoint	5 months ago	COURT DOC: U.S. Charges Russian National with Developing and Operating LockBit Ransomware
Securityaffairs	5 months ago	Law enforcement agencies identified LockBit ransomware admin and sanctioned him
Krebs on Security	5 months ago	U.S. Charges Russian Man as Boss of LockBit Ransomware Group
BankInfoSecurity	5 months ago	LockBitSupp's Identity Revealed: Dmitry Yuryevich Khoroshev
CERT-EU	8 months ago	U.S. And United Kingdom Disrupt Prolific 'Lockbit' Cybercrime Gang: DOJ \| #cybercrime \| #infosec \| National Cyber Security Consulting
CERT-EU	7 months ago	LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition \| #cybercrime \| #infosec \| National Cyber Security Consulting
CERT-EU	7 months ago	LockBit affiliate gets a four-year sentence in Canada
CERT-EU	a year ago	The Week in Security: SolarWinds hack set off alarms for months before discovery
InfoSecurity-magazine	a year ago	TSMC Targeted by LockBit via Supplier Breach
CERT-EU	a year ago	Hacker leaks Cortina Watch’s data online, including customer details and sales tactics \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	8 months ago	LockBit Ransomware Group Resurfaces After Law Enforcement Takedown \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	8 months ago	LockBit resurfaces after law enforcement takedown
CERT-EU	8 months ago	LockBit Ransomware Threat Persists \| MSSP Alert \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	8 months ago	UK leads takedown of LockBit ransomware gang’s website \| IT World Canada News
Securityaffairs	a year ago	LockBit gang demands a $70 million ransom to the Semiconductor Manufacturing giant TSMC