Mikhail Matveev

Threat Actor Profile Updated 13 days ago
Mikhail Matveev, also known by his online aliases "Wazawaka" and "Boriselcin," is a renowned threat actor with significant ties to cybercrime. Identified by the FBI as a central figure in multiple ransomware operations since 2020, Matveev was notably affiliated with LockBit throughout 2020 and 2021, and was a key player in the Babuk ransomware-as-a-service gang. His malicious activities have had considerable impacts, including leaking data stolen from the Washington Metropolitan Police Department in 2021.

In May 2023, the U.S. government responded to Matveev's persistent cyber threats by indicting and sanctioning him for his association with LockBit-affiliated ransomware development. The Treasury Department imposed economic sanctions on Matveev, who admitted to being involved in three separate ransomware operations. This decisive action was part of a broader strategy to deter cybercriminals worldwide, signaling that the FBI and international law enforcement partners are actively pursuing these malicious actors.

Despite these measures, Matveev remains at large, with the U.S. Department of the Treasury placing a $10 million reward for his arrest. Only one other suspect tied to LockBit, Ruslan Astamirov, has been apprehended and charged. Matveev's case serves as a stark reminder of the challenges faced in combating cybercrime, especially when threat actors operate from countries where they feel protected. However, authorities remain resolute in their pursuit, aiming to disrupt the perceived impunity of these cybercriminals.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

| ID | Votes | Profile Description |
| --- | --- | --- |
| Wazawaka | 4 | Wazawaka, identified by the FBI as Mikhail Matveev, is a prominent threat actor in the cybercrime underworld with previous affiliations to LockBit ransomware groups. Throughout 2020 and 2021, he functioned as an affiliate for multiple ransomware organizations, including LockBit. In January 2022, Kre |

Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Cybercrime
Associated Malware

| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit | Unspecified | 3 | LockBit is a malicious software (malware) that has been implicated in several high-profile cyber attacks. It infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Recently, the L |
| Babuk | Unspecified | 2 | Babuk is a type of malware, specifically ransomware, that has been used to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Recently, there has been an in |

Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Mikhail Matveev Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source (CreatedAt): Title

- CERT-EU (a year ago): US sanctions Russian ransomware operator who leaked stolen DC police data
- Krebs on Security (10 days ago): U.S. Charges Russian Man as Boss of LockBit Ransomware Group
- CERT-EU (3 months ago): Authorities disrupt Lockbit ransomware, indict two RaaS affiliates | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
- CERT-EU (3 months ago): Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – GIXtools
- Flashpoint (10 days ago): COURT DOC: U.S. Charges Russian National with Developing and Operating LockBit Ransomware
- CERT-EU (7 months ago): Les dernières actus cybercrime (13 octobre 2023) • Cybersécurité
- CERT-EU (2 months ago): LockBit ransomware kingpin gets 4 years behind bars • The Register | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
- Krebs on Security (3 months ago): Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
- CERT-EU (a year ago): Alleged Babuk Ransomware ‘Wazawaka’ Hacker Indicted in US | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
- CERT-EU (6 months ago): Do government sanctions against ransomware groups work? - Cyber Security Review
- BankInfoSecurity (a year ago): Alleged Babuk Ransomware Hacker 'Wazawaka' Indicted in US
- CERT-EU (a year ago): TSMC confirms partner affected by LockBit cyberattack, but there is good news
- CERT-EU (8 months ago): District of New Jersey | Russian National Charged with Ransomware Attacks Against Critical Infrastructure | #ransomware | #cybercrime | National Cyber Security Consulting
- CERT-EU (3 months ago): US indicts two Russian nationals in LockBit ransomware case | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
- CERT-EU (8 months ago): One of the FBI's Most Wanted Hackers Is Trolling the US Government - Slashdot
- CERT-EU (a year ago): Russian ransomware actor targeted | Bankers Online
- CERT-EU (a year ago): Russian man charged in ransomware attack on D.C. police | #ransomware | #cybercrime – National Cyber Security Consulting
- CERT-EU (3 months ago): LockBit affiliates arrested in Ukraine, Poland | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
- CERT-EU (a year ago): Russian Hacker “Wazawaka” Indicted for Ransomware - GIXtools
- Flashpoint (a year ago): COURT DOC: Ransomware Charges Unsealed Against Russian National