M1x

Threat Actor updated 7 months ago (2024-05-04T17:32:41.938Z)

Download STIX

Preview STIX

M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifically three variants known as LockBit, Babuk, and Hive. These ransomware attacks have been targeted towards various sectors including law enforcement, government agencies, hospitals, and schools, causing significant disruption and damage. According to an indictment obtained by the District of New Jersey, Matveev not only deployed these ransomware variants but also transmitted ransom demands associated with each attack. The Department of Justice (DOJ) statement provides evidence of his extensive involvement in these cybercrimes. His actions represent a serious threat to both private and public entities, disrupting their operations and potentially leading to breaches of sensitive data. In May 2023, the DOJ announced the indictment of Matveev for his alleged participation in these separate conspiracies. His activities extend beyond the United States, affecting victims abroad as well. The charges brought against him underline the seriousness of his offenses and the ongoing efforts of law enforcement agencies to combat such threats. The indictment serves as a warning to other potential threat actors and highlights the importance of robust cybersecurity measures.

Description last updated: 2024-01-06T22:11:29.521Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Uhodiransomwar is a possible alias for M1x. Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa	3
Boriselcin is a possible alias for M1x. Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari	3
Mikhail Pavlovich Matveev is a possible alias for M1x. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of	3
Wazawaka is a possible alias for M1x. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lockbit Malware is associated with M1x. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit	Unspecified	2

Source Document References

Information about the M1x Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	District of New Jersey \| Russian National Charged with Ransomware Attacks Against Critical Infrastructure \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CSO Online	2 years ago	Russian national indicted for ransomware attacks against the US
Flashpoint	a year ago	COURT DOC: Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses