Boriselcin

Threat Actor Profile Updated 3 months ago

Download STIX

Preview STIX

Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted various entities including law enforcement agencies, hospitals, schools, and other government organizations. The U.S. Department of Justice (DOJ) indictment suggests that Matveev transmitted ransom demands related to each of these ransomware variants. In May 2023, the DOJ announced the indictment of Matveev for his alleged involvement in the deployment of these ransomware variants against victims both within the United States and abroad. Matveev, who used multiple aliases such as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is believed to be behind numerous substantial attacks on companies and critical infrastructure. Notably, he was identified as "Boriselcin", a brash personality who was the public persona of Babuk, a ransomware affiliate program that emerged on New Year's Eve 2020. Matveev, a 30-year-old Russian national, is considered by the FBI as one of the most wanted hackers. He is accused of working with three different ransomware gangs that extorted hundreds of millions of dollars from a range of institutions. Known for his bold online presence, Matveev operated under several monikers on cybercrime forums, including "Boriselcin". His activities have led to significant disruptions and financial losses, highlighting the ongoing threat posed by sophisticated cybercriminals.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Wazawaka	4	Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper
Mikhail Pavlovich Matveev	3	Mikhail Pavlovich Matveev, a Russian national also known by the online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is identified as a significant threat actor in the global cybersecurity landscape. He is one of five Russians charged over Lockbit, considered to be the world's most dangero
Uhodiransomwar	3	Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a threat actor who has been identified as a significant cybersecurity concern. A Russian national aged 30, Matveev has allegedly been involved in numerous malicious activities since at least 2020, primarily fo
M1x	3	M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical
Mikhail Pavolovich Matveev	2	None
Hive Ransomware	1	Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January
Mikhail Matveev	1	Mikhail Matveev, also known by multiple aliases including "Wazawaka," "m1x," "Boriselcin," and "Uhodiransomwar," is a significant threat actor in the cybercrime landscape. He has been identified as a key figure in the Babuk ransomware-as-a-service gang and a prominent member of the cybercrime underg

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Ransom

Cybercrime

Fbi

Techcrunch

Government

Russia

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Babuk	Unspecified	3	Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso
Lockbit	Unspecified	3	LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Hive	Unspecified	2	Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Boriselcin Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CERT-EU	10 months ago	District of New Jersey \| Russian National Charged with Ransomware Attacks Against Critical Infrastructure \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CSO Online	a year ago	Russian national indicted for ransomware attacks against the US
CERT-EU	10 months ago	One of the FBI's Most Wanted Hackers Is Trolling the US Government \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	10 months ago	Infamous Russian hacker mocks the FBI by selling t-shirts featuring his most wanted poster
CERT-EU	a year ago	Who wants to be a millionaire by giving a tip to FBI about this hacker?
Krebs on Security	a year ago	Russian Hacker “Wazawaka” Indicted for Ransomware
Flashpoint	a year ago	COURT DOC: Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses
CERT-EU	10 months ago	FBI Most-Wanted Russian Hacker Reveals Why He Burned His Passport \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	Russian national charged with ransomware attacks against critical infrastructure
CERT-EU	a year ago	Russian Hacker “Wazawaka” Indicted for Ransomware - GIXtools
CERT-EU	10 months ago	One of the FBI's Most Wanted Hackers Is Trolling the US Government - Slashdot