Bassterlord

Threat Actor updated 3 months ago (2024-08-14T09:39:28.247Z)
Download STIX
Preview STIX
Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, Oregon, and Puerto Rico, as well as targets in Taiwan, Singapore, and Lebanon. Bassterlord, also believed to be the leader of a subgroup within the LockBit operation named the "National Hazard Agency," frequently communicated with other malevolent actors and made references to rejoining the LockBit affiliate program. In February 2024, a significant disruption operation was launched, coinciding with the unsealing of an indictment in the District of New Jersey. The indictment charged Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims across the United States and globally. Victims included businesses in the manufacturing and semiconductor industries among others. This indictment highlighted the international reach of the LockBit group and its affiliates, including Bassterlord. The US government has previously charged other members of the LockBit group, including Artur Sungatov and Ivan Kondratyev (Bassterlord), along with Ruslan Magomedovich Astamirov, Mikhail Matveev (Wazawaka), and Mikhail Vasiliev. These charges underscore the ongoing efforts by authorities to disrupt the activities of the LockBit group and its associates. The case of Bassterlord underscores the complexity of cybercrime and the necessity for continued vigilance and cooperation among international law enforcement agencies.
Description last updated: 2024-08-14T09:10:29.945Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Artur Sungatov is a possible alias for Bassterlord. In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been acti
5
Ivan Kondratyev is a possible alias for Bassterlord. Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside
4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
XSS (Cross S...
TSMC
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Bassterlord. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit is related to
8
The REvil Malware is associated with Bassterlord. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. ThUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Vasiliev Threat Actor is associated with Bassterlord. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail PavlUnspecified
2
Source Document References
Information about the Bassterlord Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
9 months ago
Flashpoint
4 months ago
DARKReading
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Flashpoint
6 months ago
Securityaffairs
6 months ago
Krebs on Security
6 months ago
BankInfoSecurity
6 months ago
CERT-EU
9 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
CERT-EU
2 years ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
Securityaffairs
a year ago