Vasiliev

Threat Actor updated a month ago (2024-11-29T14:43:42.197Z)
Download STIX
Preview STIX
Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavlovich Matveev, Vasiliev played a significant role in developing and deploying the LockBit ransomware. This group, through their collective efforts, extorted payments from victim corporations around the globe. From 2021 to 2023, Vasiliev deployed LockBit against at least 12 victims, which included businesses in New Jersey, Michigan, the United Kingdom, and Switzerland, causing damages and losses amounting to at least $500,000. In November 2022, Vasiliev was charged for his involvement in the LockBit campaign. The complaint filed in the District of New Jersey implicated him and other members of the LockBit conspiracy, including Astamirov, Sungatov, Kondratyev, and Matveev. LockBit's "affiliate" members, including Vasiliev and Astamirov, were known to identify and unlawfully access vulnerable computer systems, subsequently deploying the LockBit ransomware on these systems to both steal and encrypt stored data. Vasiliev was arrested by Canadian authorities in November 2022 and extradited to the United States in June 2023. In July, he, along with Astamirov, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation. Following his extradition, Vasiliev has been sentenced to four years in federal prison. His arrest and subsequent conviction mark significant progress in the ongoing battle against global cyber threats.
Description last updated: 2024-10-17T12:33:32.126Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Ghostrider is a possible alias for Vasiliev. Ghostrider, also known as a threat actor, is an online alias used by Vasiliev, who has been associated with multiple cyberattacks between 2021 and 2023. Other aliases utilized by Vasiliev include "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110." The primary tool of dis
3
Newwave110 is a possible alias for Vasiliev.
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Fraud
Encrypt
Fbi
Extortion
Ransom
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Vasiliev. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
7
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Mikhail Pavlovich Matveev Threat Actor is associated with Vasiliev. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one ofUnspecified
2
The Artur Sungatov Threat Actor is associated with Vasiliev. In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been actiUnspecified
2
The Ivan Kondratyev Threat Actor is associated with Vasiliev. Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside Unspecified
2
The Wazawaka Threat Actor is associated with Vasiliev. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's operUnspecified
2
The Bassterlord Threat Actor is associated with Vasiliev. Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, OreUnspecified
2
Source Document References
Information about the Vasiliev Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
3 months ago
Securityaffairs
4 months ago
CERT-EU
10 months ago
Flashpoint
5 months ago
DARKReading
5 months ago
InfoSecurity-magazine
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Flashpoint
8 months ago
Securityaffairs
8 months ago
Krebs on Security
8 months ago
BankInfoSecurity
8 months ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
10 months ago
CERT-EU
10 months ago
Flashpoint
2 years ago
Flashpoint
10 months ago
CERT-EU
10 months ago
Securityaffairs
2 years ago