Mikhail Matveev

Threat Actor updated 16 days ago (2024-10-02T11:00:56.938Z)

Download STIX

Preview STIX

Mikhail Matveev, also known by the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a prominent threat actor associated with significant cybercrime activities. His involvement in the cybercrime world was traced back to 2020 and 2021 when he was identified as an affiliate of LockBit, a notorious ransomware group that has been active since 2019. The group's extensive victim list includes major organizations such as Bank of America and the UK Royal Mail. In January 2022, KrebsOnSecurity identified Matveev as a 32-year-old from Khakassia, Russia, linking him to the pseudonym Wazawaka. In May 2023, Matveev was charged in two indictments unsealed in Washington, D.C., and the District of New Jersey. The charges related to his use of various ransomware variants, including LockBit, to attack multiple victims across the United States, notably the Washington, D.C., Metropolitan Police Department. Matveev was also a central figure in the Babuk ransomware-as-a-service gang. These indictments followed the sanctioning of Matveev due to his affiliation with LockBit. Despite the indictments, only a few suspects, including Ruslan Astamirov and Matveev, have been named and charged in connection with the LockBit ransomware attacks. Only Astamirov has been arrested thus far. The FBI has issued a strong warning to these cybercriminals, emphasizing their commitment to pursuing such malicious actors globally. They aim for the indictment, sanctions, and reward for information on Matveev to serve as a deterrent to cybercriminals worldwide, demonstrating that no country can provide them with complete safety or protection.

Description last updated: 2024-10-02T10:15:48.499Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Wazawaka is a possible alias for Mikhail Matveev. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper	4
Uhodiransomwar is a possible alias for Mikhail Matveev. Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Cybercrime

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lockbit Malware is associated with Mikhail Matveev. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat	Unspecified	5
The Babuk Malware is associated with Mikhail Matveev. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio	Unspecified	2

Source Document References

Information about the Mikhail Matveev Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	16 days ago	Police arrested four new individuals linked to the LockBit ransomware operation
Flashpoint	3 months ago	COURT DOC: Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
DARKReading	3 months ago	Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
Krebs on Security	3 months ago	The Not-So-Secret Network Access Broker x999xx
Flashpoint	5 months ago	COURT DOC: U.S. Charges Russian National with Developing and Operating LockBit Ransomware
Krebs on Security	5 months ago	U.S. Charges Russian Man as Boss of LockBit Ransomware Group
BankInfoSecurity	5 months ago	LockBitSupp's Identity Revealed: Dmitry Yuryevich Khoroshev
Flashpoint	a year ago	COURT DOC: Ransomware Charges Unsealed Against Russian National
CERT-EU	7 months ago	LockBit ransomware kingpin gets 4 years behind bars • The Register \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	District of New Jersey \| Russian National Charged with Ransomware Attacks Against Critical Infrastructure \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	One of the FBI's Most Wanted Hackers Is Trolling the US Government \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	Alleged Babuk Ransomware ‘Wazawaka’ Hacker Indicted in US \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting
CERT-EU	a year ago	TSMC confirms partner affected by LockBit cyberattack, but there is good news
CERT-EU	a year ago	US sanctions Russian ransomware operator who leaked stolen DC police data
CERT-EU	a year ago	Do government sanctions against ransomware groups work? - Cyber Security Review
CERT-EU	a year ago	Les dernières actus cybercrime (13 octobre 2023) • Cybersécurité
CERT-EU	a year ago	COURT DOC: Ransomware Charges Unsealed Against Russian National \| #ransomware \| #cybercrime – National Cyber Security Consulting
CERT-EU	a year ago	Russian man charged in ransomware attack on D.C. police \| #ransomware \| #cybercrime – National Cyber Security Consulting
CERT-EU	a year ago	Russian ransomware actor targeted \| Bankers Online
Krebs on Security	8 months ago	Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates