Mikhail Pavlovich Matveev

Threat Actor updated a month ago (2024-10-15T10:02:29.334Z)

Download STIX

Preview STIX

Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of the world's most dangerous ransomware gangs. His alleged involvement in various Lockbit attacks has resulted in him being sought after for his participation in these cybercrimes. In May 2023, the US Justice Department formally charged Matveev for his alleged role in multiple ransomware attacks. Alongside other Russian nationals such as Mikhail Vasiliev and members like Sungatov and Kondratyev, Matveev was implicated in a global LockBit conspiracy. This group is accused of developing and deploying LockBit ransomware to extort payments from victim corporations across the globe. Unsealed indictments reveal that US grand juries have charged Matveev with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. These charges follow an extensive investigation into the inner workings of the ransomware operation led by Matveev. His actions have had a significant impact on victims in the District of Columbia, the United States, and around the world, further solidifying his status as a significant threat actor in the field of cybersecurity.

Description last updated: 2024-10-15T09:26:32.148Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Uhodiransomwar is a possible alias for Mikhail Pavlovich Matveev. Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa	4
Wazawaka is a possible alias for Mikhail Pavlovich Matveev. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper	4
M1x is a possible alias for Mikhail Pavlovich Matveev. M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical	3
Boriselcin is a possible alias for Mikhail Pavlovich Matveev. Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Ransom

Russia

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lockbit Malware is associated with Mikhail Pavlovich Matveev. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit	Unspecified	4
The Babuk Malware is associated with Mikhail Pavlovich Matveev. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio	Unspecified	2
The Hive Malware is associated with Mikhail Pavlovich Matveev. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Hive Ransomware Threat Actor is associated with Mikhail Pavlovich Matveev. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e	Unspecified	3
The Vasiliev Threat Actor is associated with Mikhail Pavlovich Matveev. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavl	Unspecified	2

Source Document References

Information about the Mikhail Pavlovich Matveev Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	9 months ago	US charges two Russian nationals in LockBit ransomware case amid global crackdown
Securityaffairs	4 months ago	Russian nationals plead guilty to participating in the LockBit ransomware group
Securityaffairs	4 months ago	Russian nationals plead guilty to participating in the LockBit ransomware group
CERT-EU	2 years ago	US Offers $10m Reward For Alleged Prolific Ransomware Actor
Securityaffairs	a year ago	A Russian national charged for committing LockBit Ransomware attacks
CERT-EU	a year ago	Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team
CERT-EU	2 years ago	Feds charge, sanction alleged Russian ransomware criminal
Flashpoint	2 years ago	COURT DOC: Ransomware Charges Unsealed Against Russian National
CERT-EU	a year ago	Law enforcement agencies cracking down on cyber criminals
Flashpoint	9 months ago	COURT DOC: U.S. and U.K. Disrupt LockBit Ransomware Variant
CERT-EU	9 months ago	Law enforcement leaves taunting post for cyber criminals after locking notorious ransomware gang out of their own website \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	9 months ago	U.S. And United Kingdom Disrupt Prolific 'Lockbit' Cybercrime Gang: DOJ \| #cybercrime \| #infosec \| National Cyber Security Consulting
CERT-EU	9 months ago	U.S. and U.K. Disrupt LockBit Ransomware Variant – Dailyfly \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	9 months ago	Major ransomware site taken down in international law enforcement sting \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	9 months ago	Police arrest LockBit ransomware members, release decryptor in global crackdown
CERT-EU	9 months ago	International policing operation disrupts LockBit ransomware gang - TechCentral.ie
CERT-EU	a year ago	District of New Jersey \| Russian National Charged with Ransomware Attacks Against Critical Infrastructure \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CSO Online	2 years ago	Russian national indicted for ransomware attacks against the US
CERT-EU	2 years ago	The Good, the Bad and the Ugly in Cybersecurity – Week 20 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting
CERT-EU	2 years ago	$10M Reward For Arrest Of Russian Hacker