Mikhail Matveev

Threat Actor updated a month ago (2024-08-14T09:47:48.415Z)
Mikhail Matveev, also known by his online pseudonyms "Wazawaka," "m1x," "Boriselcin," and "Uhodiransomwar," is a prominent figure in the cybercrime underworld with previous affiliations with LockBit ransomware. Identified as a 31-year-old from Abaza, Russia, Matveev was initially exposed by KrebsOnSecurity in January 2022 through clues left behind on Russian-language cybercrime forums. He was also a central figure of the Babuk ransomware-as-a-service gang, demonstrating his extensive involvement in malicious cyber activities.

In May 2023, two indictments were unsealed in Washington, D.C., and the District of New Jersey, charging Matveev with using different ransomware variants, including LockBit, to attack numerous victims throughout the United States. Among the high-profile targets was the Washington, D.C., Metropolitan Police Department. These charges followed a series of significant attacks against companies and critical infrastructure in the U.S. and other countries, highlighting the extent and severity of Matveev's cybercrimes.

The indictment, sanctions, and reward for Matveev were intended to send a strong message to cybercriminals worldwide, according to FBI-Newark special agent in charge James E. Dennehy. The actions against Matveev underline the determination of law enforcement agencies and international partners to pursue such threat actors, even those who believe they can operate with impunity from regions where they feel safe and protected. Despite this, only one other suspect associated with LockBit ransomware, Ruslan Astamirov, has been arrested and charged, leaving Matveev at large.
Description last updated: 2024-08-14T09:10:44.040Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Wazawaka | 4 | Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper |
| Uhodiransomwar | 2 | Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Cybercrime
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lockbit | Unspecified | 4 | LockBit is a prominent malware that has been causing havoc in the cyber world. It is a ransomware, a type of malicious software designed to exploit and damage systems, often infiltrating through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operat |
| Babuk | Unspecified | 2 | Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc |
Source Document References
Information about the Mikhail Matveev Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source (created): Title

- Flashpoint (2 months ago): COURT DOC: Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
- DARKReading (2 months ago): Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
- Krebs on Security (2 months ago): The Not-So-Secret Network Access Broker x999xx
- Flashpoint (4 months ago): COURT DOC: U.S. Charges Russian National with Developing and Operating LockBit Ransomware
- Krebs on Security (4 months ago): U.S. Charges Russian Man as Boss of LockBit Ransomware Group
- BankInfoSecurity (4 months ago): LockBitSupp's Identity Revealed: Dmitry Yuryevich Khoroshev
- Flashpoint (a year ago): COURT DOC: Ransomware Charges Unsealed Against Russian National
- CERT-EU (6 months ago): LockBit ransomware kingpin gets 4 years behind bars • The Register | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
- CERT-EU (a year ago): District of New Jersey | Russian National Charged with Ransomware Attacks Against Critical Infrastructure | #ransomware | #cybercrime | National Cyber Security Consulting
- CERT-EU (a year ago): One of the FBI's Most Wanted Hackers Is Trolling the US Government | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
- CERT-EU (a year ago): Alleged Babuk Ransomware ‘Wazawaka’ Hacker Indicted in US | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
- CERT-EU (a year ago): TSMC confirms partner affected by LockBit cyberattack, but there is good news
- CERT-EU (a year ago): US sanctions Russian ransomware operator who leaked stolen DC police data
- CERT-EU (10 months ago): Do government sanctions against ransomware groups work? - Cyber Security Review
- CERT-EU (a year ago): Les dernières actus cybercrime (13 octobre 2023) • Cybersécurité
- CERT-EU (a year ago): COURT DOC: Ransomware Charges Unsealed Against Russian National | #ransomware | #cybercrime – National Cyber Security Consulting
- CERT-EU (a year ago): Russian man charged in ransomware attack on D.C. police | #ransomware | #cybercrime – National Cyber Security Consulting
- CERT-EU (a year ago): Russian ransomware actor targeted | Bankers Online
- Krebs on Security (7 months ago): Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
- CERT-EU (7 months ago): US indicts two Russian nationals in LockBit ransomware case | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting