Mikhail Pavlovich Matveev

Threat Actor Profile Updated 13 days ago
Mikhail Pavlovich Matveev, a Russian national also known by the online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is identified as a significant threat actor in the cybersecurity landscape. He is one of five Russians charged over their involvement with LockBit, a group regarded as the world's most dangerous ransomware gang. Matveev is alleged to have participated in various LockBit attacks, developing and deploying LockBit ransomware, and extorting payments from victim corporations. Matveev, along with other members of the LockBit conspiracy including Artur Sungatov, Ivan Kondratyev, and Mikhail Vasiliev, has been indicted for his role in this global cybercrime operation.

In May, the US Justice Department charged Matveev for his alleged role in multiple ransomware attacks. The charges include conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. His actions have caused significant harm to victims in the District of Columbia, the United States, and around the world.

Despite these charges, Matveev remains at large. The US government has offered a substantial bounty for information leading to his capture, reflecting the severity of his alleged crimes and the ongoing threat he poses to global cybersecurity. The unsealed indictments against him reveal an extensive operation that has launched thousands of attacks worldwide, highlighting the critical need for continued vigilance and cooperation in the international cybersecurity community.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Uhodiransomwar | 4 | Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a threat actor who has been active since at least 2020. Matveev, a 30-year-old Russian national, is alleged to have participated in conspiracies to deploy three ransomware variants: LockBit, Babuk, and Hive. T
Wazawaka | 4 | Wazawaka, identified by the FBI as Mikhail Matveev, is a prominent threat actor in the cybercrime underworld with previous affiliations to LockBit ransomware groups. Throughout 2020 and 2021, he functioned as an affiliate for multiple ransomware organizations, including LockBit. In January 2022, Kre
M1x | 3 | M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical
Boriselcin | 3 | Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Russia
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 4 | LockBit is a malicious software (malware) that has been implicated in several high-profile cyber attacks. It infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Recently, the L
Babuk | Unspecified | 2 | Babuk is a type of malware, specifically ransomware, that has been used to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Recently, there has been an in
Hive | Unspecified | 2 | Hive, a form of malware, has been causing significant disruptions in the cybersecurity world. The malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. Notably, Volt Typhoon has exfilt
Associated Threat Actors
ID | Type | Votes | Profile Description
Hive Ransomware | Unspecified | 3 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January
Vasiliev | Unspecified | 2 | Mikhail Vasiliev, a dual Russian-Canadian national and identified threat actor, was implicated in the global LockBit conspiracy, an extensive ransomware campaign. Alongside other members such as Sungatov, Kondratyev, and Mikhail Pavlovich Matveev, Vasiliev developed and deployed LockBit ransomware t
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Mikhail Pavlovich Matveev Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 3 months ago | U.S. And United Kingdom Disrupt Prolific 'Lockbit' Cybercrime Gang: DOJ | #cybercrime | #infosec | National Cyber Security Consulting
CERT-EU | a year ago | US Offers $10m Reward For Alleged Prolific Ransomware Actor
CERT-EU | a year ago | Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks
InfoSecurity-magazine | a year ago | Russian National Arrested in Connection With LockBit Ransomware
CERT-EU | a year ago | The Good, the Bad and the Ugly in Cybersecurity – Week 20 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
CERT-EU | a year ago | $10M Reward For Arrest Of Russian Hacker
CERT-EU | 3 months ago | Police arrest LockBit ransomware members, release decryptor in global crackdown
CERT-EU | 3 months ago | U.S. and U.K. Disrupt LockBit Ransomware Variant – Dailyfly | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 3 months ago | Major ransomware site taken down in international law enforcement sting | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | a year ago | Cyber security week in review: May 19, 2023
CERT-EU | a year ago | Latest arrest places LockBit firmly in the crosshairs of international cyber police - TechCentral.ie
CERT-EU | a year ago | LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020
CSO Online | a year ago | Russian national indicted for ransomware attacks against the US
CERT-EU | 8 months ago | District of New Jersey | Russian National Charged with Ransomware Attacks Against Critical Infrastructure | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 5 months ago | Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team
Flashpoint | 3 months ago | COURT DOC: U.S. and U.K. Disrupt LockBit Ransomware Variant
CERT-EU | 3 months ago | International policing operation disrupts LockBit ransomware gang - TechCentral.ie
CERT-EU | a year ago | Feds charge, sanction alleged Russian ransomware criminal
CERT-EU | 3 months ago | Law enforcement leaves taunting post for cyber criminals after locking notorious ransomware gang out of their own website | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Flashpoint | a year ago | COURT DOC: Ransomware Charges Unsealed Against Russian National