LockBitSupp

Threat Actor updated 15 days ago (2024-11-08T12:44:09.118Z)
Download STIX
Preview STIX
LockBitSupp, a prominent threat actor, has been identified as Russian national Dmitry Yuryevich Khoroshev. The group's activities have been under scrutiny due to its involvement in ransomware attacks and other cybercrimes. Khoroshev, who was operating under the aliases "LockBit" and "LockBitSupp," is alleged to have developed one of the most prolific ransomware variants. His actions led to significant attention from international law enforcement agencies, including the U.S. State Department offering a reward of up to $10M for information, and the U.S. Department of Treasury designating him for sanctions. In May 2024, Operation Cronos, a joint effort by the U.K.'s National Crime Agency and the FBI, successfully revealed Khoroshev's identity and indicted him. Khoroshev, based in Voronezh, Russia, had managed to keep his real identity a secret until then. He was accused of not only developing LockBit as early as September 2019 but also maintaining its infrastructure, recruiting new affiliates, and acting as the group's spokesperson under the alias "LockBitSupp." Despite the revelation of his identity and subsequent indictment, LockBitSupp continued to engage in publicity stunts such as offering $1,000 to anyone who got a tattoo of the Lockbit logo and putting a $1 million bounty on information related to his own real-world identity. However, these actions, along with his engagement with law enforcement, are likely to impact the ransomware group’s overall reputation. The situation puts all of LockBit's affiliates at risk and diminishes the street credibility of the group's leader.
Description last updated: 2024-11-04T21:02:13.196Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Putinkrab is a possible alias for LockBitSupp. Putinkrab, a threat actor, is known for its involvement in the development and use of highly successful ransomware strains. Emerging onto the scene in 2019, Putinkrab first appeared on Russian cybercrime forums such as XSS, Exploit, and UFOLabs, where they sold ransomware source code written in C. T
2
Dmitry Yuryevich Khoroshev is a possible alias for LockBitSupp. Dmitry Yuryevich Khoroshev, a Russian national from Voronezh, has been identified as a significant threat actor in the cybersecurity landscape. Known by his alias "LockBitSupp," Khoroshev is allegedly the creator, developer, and administrator of LockBit, a notorious ransomware group. His real identi
2
Lockbit Black is a possible alias for LockBitSupp. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
XSS (Cross S...
Ransom
Exploit
Fbi
RaaS
Cybercrime
Vulnerability
Malware
Nca
Extortion
Scams
Analyst Notes & Discussion
Hello
@Blue Unicorn, 3 months ago
Hellosss
@Blue Unicorn, 3 months ago
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with LockBitSupp. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit is related to
11
The Conti Malware is associated with LockBitSupp. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several raUnspecified
2
The Clop Malware is associated with LockBitSupp. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Zeon Threat Actor is associated with LockBitSupp. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as Bis related to
2
The Blackmatter Threat Actor is associated with LockBitSupp. BlackMatter, a threat actor in the cybersecurity realm, is known for its malicious activities and has been linked to several ransomware strains. The group emerged as a successor to the DarkSide ransomware, which was responsible for the high-profile attack on the Colonial Pipeline in May 2021. HoweveUnspecified
2
The DarkSide Threat Actor is associated with LockBitSupp. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply acrossUnspecified
2
The FIN7 Threat Actor is associated with LockBitSupp. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global Unspecified
2
The Alphv Threat Actor is associated with LockBitSupp. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB Unspecified
2
Source Document References
Information about the LockBitSupp Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
BankInfoSecurity
19 days ago
InfoSecurity-magazine
2 months ago
BankInfoSecurity
2 months ago
BankInfoSecurity
3 months ago
CERT-EU
9 months ago
DARKReading
8 months ago
Flashpoint
4 months ago
DARKReading
4 months ago
InfoSecurity-magazine
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
InfoSecurity-magazine
4 months ago
Securityaffairs
6 months ago
Checkpoint
6 months ago
Krebs on Security
6 months ago
Securityaffairs
6 months ago
Flashpoint
7 months ago
DARKReading
7 months ago
Securityaffairs
7 months ago
InfoSecurity-magazine
7 months ago