Mikhail Matveev

Threat Actor Profile (updated 4 days ago)
Mikhail Matveev, also known by multiple aliases including "Wazawaka," "m1x," "Boriselcin," and "Uhodiransomwar," is a significant threat actor in the cybercrime landscape. He has been identified as a key figure in the Babuk ransomware-as-a-service gang and a prominent member of the cybercrime underground with ties to LockBit ransomware activities throughout 2020 and 2021. KrebsOnSecurity first traced Matveev's identity in January 2022, linking him to a 31-year-old individual from Abaza, Russia.

In May 2023, two indictments were unsealed in Washington, D.C., and the District of New Jersey, charging Matveev with using different ransomware variants, including LockBit, to launch attacks on numerous victims across the United States. Notable among these victims was the Washington, D.C., Metropolitan Police Department. These charges came as part of an increased effort by law enforcement agencies to clamp down on ransomware activities tied to LockBit and its affiliates.

The indictments against Matveev represent a broader push by international law enforcement to disrupt the operations of cybercriminals worldwide. FBI-Newark Special Agent in Charge James E. Dennehy stated that the indictment, sanctions, and reward for Matveev were intended to send a clear message to cybercriminals globally. Despite Matveev's belief that he could operate with impunity from within Russia, the actions taken against him demonstrate a growing commitment to pursuing such threat actors, regardless of their geographic location.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Wazawaka | 4 | Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper |
| Uhodiransomwar | 2 | Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a threat actor who has been identified as a significant cybersecurity concern. A Russian national aged 30, Matveev has allegedly been involved in numerous malicious activities since at least 2020, primarily fo |
| Boriselcin | 1 | Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Cybercrime
Russia
Financial
FBI
TechCrunch
Government
Malware
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit | Unspecified | 4 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Babuk | Unspecified | 2 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Vasiliev | Unspecified | 1 | Mikhail Vasiliev, a dual Russian-Canadian national and known threat actor, was a key figure in the global LockBit ransomware conspiracy. Alongside other members including Artur Sungatov, Ivan Kondratyev, Ruslan Magomedovich Astamirov, and Mikhail Pavlovich Matveev, Vasiliev played a significant role |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Mikhail Matveev threat actor was read from the document corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| Flashpoint | 3 days ago | COURT DOC: Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group |
| DARKReading | 4 days ago | Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group |
| Krebs on Security | 24 days ago | The Not-So-Secret Network Access Broker x999xx |
| Flashpoint | 3 months ago | COURT DOC: U.S. Charges Russian National with Developing and Operating LockBit Ransomware |
| Krebs on Security | 3 months ago | U.S. Charges Russian Man as Boss of LockBit Ransomware Group |
| BankInfoSecurity | 3 months ago | LockBitSupp's Identity Revealed: Dmitry Yuryevich Khoroshev |
| Flashpoint | a year ago | COURT DOC: Ransomware Charges Unsealed Against Russian National |
| CERT-EU | 4 months ago | LockBit ransomware kingpin gets 4 years behind bars • The Register – National Cyber Security Consulting |
| CERT-EU | 10 months ago | District of New Jersey – Russian National Charged with Ransomware Attacks Against Critical Infrastructure – National Cyber Security Consulting |
| CERT-EU | 10 months ago | One of the FBI's Most Wanted Hackers Is Trolling the US Government – National Cyber Security Consulting |
| CERT-EU | a year ago | Alleged Babuk Ransomware ‘Wazawaka’ Hacker Indicted in US – National Cyber Security Consulting |
| CERT-EU | a year ago | TSMC confirms partner affected by LockBit cyberattack, but there is good news |
| CERT-EU | a year ago | US sanctions Russian ransomware operator who leaked stolen DC police data |
| CERT-EU | 9 months ago | Do government sanctions against ransomware groups work? - Cyber Security Review |
| CERT-EU | 9 months ago | Les dernières actus cybercrime (13 octobre 2023) • Cybersécurité |
| CERT-EU | a year ago | COURT DOC: Ransomware Charges Unsealed Against Russian National – National Cyber Security Consulting |
| CERT-EU | a year ago | Russian man charged in ransomware attack on D.C. police – National Cyber Security Consulting |
| CERT-EU | a year ago | Russian ransomware actor targeted – Bankers Online |
| Krebs on Security | 5 months ago | Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates |
| CERT-EU | 5 months ago | US indicts two Russian nationals in LockBit ransomware case – National Cyber Security Consulting |