LockBitSupp

Threat Actor updated a month ago (2024-11-29T13:43:12.437Z)
Download STIX
Preview STIX
LockBitSupp, a prominent threat actor, has been identified as Russian national Dmitry Yuryevich Khoroshev. The group's activities have been under scrutiny due to its involvement in ransomware attacks and other cybercrimes. Khoroshev, who was operating under the aliases "LockBit" and "LockBitSupp," is alleged to have developed one of the most prolific ransomware variants. His actions led to significant attention from international law enforcement agencies, including the U.S. State Department offering a reward of up to $10M for information, and the U.S. Department of Treasury designating him for sanctions. In May 2024, Operation Cronos, a joint effort by the U.K.'s National Crime Agency and the FBI, successfully revealed Khoroshev's identity and indicted him. Khoroshev, based in Voronezh, Russia, had managed to keep his real identity a secret until then. He was accused of not only developing LockBit as early as September 2019 but also maintaining its infrastructure, recruiting new affiliates, and acting as the group's spokesperson under the alias "LockBitSupp." Despite the revelation of his identity and subsequent indictment, LockBitSupp continued to engage in publicity stunts such as offering $1,000 to anyone who got a tattoo of the Lockbit logo and putting a $1 million bounty on information related to his own real-world identity. However, these actions, along with his engagement with law enforcement, are likely to impact the ransomware group’s overall reputation. The situation puts all of LockBit's affiliates at risk and diminishes the street credibility of the group's leader.
Description last updated: 2024-11-04T21:02:13.196Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Putinkrab is a possible alias for LockBitSupp. Putinkrab, a threat actor, is known for its involvement in the development and use of highly successful ransomware strains. Emerging onto the scene in 2019, Putinkrab first appeared on Russian cybercrime forums such as XSS, Exploit, and UFOLabs, where they sold ransomware source code written in C. T
2
Dmitry Yuryevich Khoroshev is a possible alias for LockBitSupp. Dmitry Yuryevich Khoroshev, a Russian national from Voronezh, has been identified as a significant threat actor in the cybersecurity landscape. Known by his alias "LockBitSupp," Khoroshev is allegedly the creator, developer, and administrator of LockBit, a notorious ransomware group. His real identi
2
Lockbit Black is a possible alias for LockBitSupp. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
XSS (Cross S...
RaaS
Exploit
Fbi
Vulnerability
Cybercrime
Malware
Nca
Extortion
Scams
Analyst Notes & Discussion
Hello
@Blue Unicorn, 4 months ago
Hellosss
@Blue Unicorn, 4 months ago
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with LockBitSupp. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers oris related to
11
The Conti Malware is associated with LockBitSupp. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personaUnspecified
2
The Clop Malware is associated with LockBitSupp. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
2
The Conti Encryptor Malware is associated with LockBitSupp. Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause sUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Zeon Threat Actor is associated with LockBitSupp. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as Bis related to
2
The Blackmatter Threat Actor is associated with LockBitSupp. BlackMatter, a threat actor in the cybersecurity realm, is known for its malicious activities and has been linked to several ransomware strains. The group emerged as a successor to the DarkSide ransomware, which was responsible for the high-profile attack on the Colonial Pipeline in May 2021. HoweveUnspecified
2
The DarkSide Threat Actor is associated with LockBitSupp. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply acrossUnspecified
2
The FIN7 Threat Actor is associated with LockBitSupp. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global Unspecified
2
The Alphv Threat Actor is associated with LockBitSupp. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient pUnspecified
2
Source Document References
Information about the LockBitSupp Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
InfoSecurity-magazine
4 days ago
BankInfoSecurity
2 months ago
InfoSecurity-magazine
3 months ago
BankInfoSecurity
3 months ago
BankInfoSecurity
4 months ago
CERT-EU
10 months ago
DARKReading
9 months ago
Flashpoint
5 months ago
DARKReading
5 months ago
InfoSecurity-magazine
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
InfoSecurity-magazine
6 months ago
Securityaffairs
7 months ago
Checkpoint
7 months ago
Krebs on Security
7 months ago
Securityaffairs
8 months ago
Flashpoint
8 months ago
DARKReading
8 months ago
Securityaffairs
8 months ago