Wazawaka

Threat Actor updated 5 months ago (2024-07-03T17:18:07.169Z)
Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's operations have been vast, selling access to numerous organizations and operating his own ransomware affiliate programs. His personal mantra reflects a strong sense of national loyalty, advocating for local operations and relying on "Mother Russia" for protection.

In January 2022, KrebsOnSecurity published an investigative piece that traced Wazawaka's many pseudonyms and contact details on Russian-language cybercrime forums back to Mikhail Matveev, a 31-year-old from Abaza, Russia. This identification was a significant step in understanding the individual behind Wazawaka's extensive cybercriminal activities. Despite this exposure, Wazawaka continued his operations, demonstrating a disregard for personal security similar to other top Russian access brokers.

The U.S. authorities unsealed indictments against Matveev and another alleged LockBit affiliate, Mikhail Vasiliev, in May 2023. This indictment marked a critical turning point in the fight against these cybercriminals. The State Department’s Transnational Organized Crime Rewards Program has since issued a $10 million bounty for information leading to Matveev's arrest, reflecting the severity of his crimes and the U.S. government's commitment to combating such cyber threats.
Description last updated: 2024-07-03T17:15:30.453Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Mikhail Matveev is a possible alias for Wazawaka. Mikhail Matveev, also known by the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a prominent threat actor associated with significant cybercrime activities. His involvement in the cybercrime world was traced back to 2020 and 2021 when he was identified as an affiliate of LockBit, a notor | 4
Boriselcin is a possible alias for Wazawaka. Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari | 4
Mikhail Pavlovich Matveev is a possible alias for Wazawaka. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of | 4
Uhodiransomwar is a possible alias for Wazawaka. Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa | 3
M1x is a possible alias for Wazawaka. M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical | 3
Hive Ransomware is a possible alias for Wazawaka. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Cybercrime
Ransom
Russia
Associated Malware
Alias Description | Association Type | Votes
The Lockbit Malware is associated with Wazawaka. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit | Unspecified | 6
The Babuk Malware is associated with Wazawaka. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio | Unspecified | 3
The Hive Malware is associated with Wazawaka. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Vasiliev Threat Actor is associated with Wazawaka. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavl | Unspecified | 2
The threatActor Mikhail Pavolovich Matveev is associated with Wazawaka. | Unspecified | 2
Source Document References
Information about the Wazawaka Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source Link | CreatedAt
Krebs on Security | 5 months ago
Krebs on Security | 7 months ago
BankInfoSecurity | 7 months ago
Trend Micro | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
Krebs on Security | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
CERT-EU | a year ago
CSO Online | 2 years ago
CERT-EU | a year ago
CERT-EU | 2 years ago
CERT-EU | a year ago
CERT-EU | 2 years ago
Flashpoint | a year ago
CERT-EU | a year ago
CERT-EU | 2 years ago
BankInfoSecurity | 2 years ago