Wazawaka

Threat Actor updated 2 months ago (2024-07-03T17:18:07.169Z)
Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's operations have been vast, selling access to numerous organizations and operating his own ransomware affiliate programs. His personal mantra reflects a strong sense of national loyalty, advocating for local operations and relying on "Mother Russia" for protection.

In January 2022, KrebsOnSecurity published an investigative piece that traced Wazawaka's many pseudonyms and contact details on Russian-language cybercrime forums back to Mikhail Matveev, a 31-year-old from Abaza, Russia. This identification was a significant step in understanding the individual behind Wazawaka's extensive cybercriminal activities. Despite this exposure, Wazawaka continued his operations, demonstrating a disregard for personal security similar to other top Russian access brokers.

The U.S. authorities unsealed indictments against Matveev and another alleged LockBit affiliate, Mikhail Vasiliev, in May 2023. This indictment marked a critical turning point in the fight against these cybercriminals. The State Department’s Transnational Organized Crime Rewards Program has since issued a $10 million bounty for information leading to Matveev's arrest, reflecting the severity of his crimes and the U.S. government's commitment to combating such cyber threats.
Description last updated: 2024-07-03T17:15:30.453Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

| ID | Votes | Profile Description |
| --- | --- | --- |
| Mikhail Matveev | 4 | Mikhail Matveev, also known by his online pseudonyms "Wazawaka," "m1x," "Boriselcin," and "Uhodiransomwar," is a prominent figure in the cybercrime underworld with previous affiliations to LockBit ransomware. Identified as a 31-year-old from Abaza, Russia, Matveev was initially exposed by KrebsOnSec |
| Boriselcin | 4 | Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari |
| Mikhail Pavlovich Matveev | 4 | Mikhail Pavlovich Matveev, a Russian national also known by the online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is identified as a significant threat actor in the global cybersecurity landscape. He is one of five Russians charged over Lockbit, considered to be the world's most dangero |
| Uhodiransomwar | 3 | Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa |
| M1x | 3 | M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical |
| Hive Ransomware | 2 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January |

Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Cybercrime
Ransom
Russia
Associated Malware

| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit | Unspecified | 6 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc |
| Babuk | Unspecified | 3 | Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc |
| Hive | Unspecified | 2 | Hive is a malicious software (malware) that has been used by the cybercriminal group, Hunters International, to launch ransomware attacks since October of last year. The group operates as a ransomware-as-a-service (RaaS) provider, spreading Hive rapidly through collaborations with less sophisticated |

Associated Threat Actors

| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Vasiliev | Unspecified | 2 | Mikhail Vasiliev, a dual Russian-Canadian national, was identified as a key player in the global LockBit ransomware conspiracy. Alongside other members including Ruslan Magomedovich Astamirov, Mikhail Pavlovich Matveev, and alleged developers Sungatov and Kondratyev, Vasiliev was involved in the dev |
| Mikhail Pavolovich Matveev | Unspecified | 2 | None |

Source Document References
Information about the Wazawaka Threat Actor was read from the documents corpus below. This display is limited to 20 results.

| Source | Created At | Title |
| --- | --- | --- |
| Krebs on Security | 2 months ago | The Not-So-Secret Network Access Broker x999xx |
| Krebs on Security | 4 months ago | U.S. Charges Russian Man as Boss of LockBit Ransomware Group |
| BankInfoSecurity | 4 months ago | LockBitSupp's Identity Revealed: Dmitry Yuryevich Khoroshev |
| Trend Micro | 7 months ago | LockBit Attempts to Stay Afloat with a New Version |
| CERT-EU | 7 months ago | LockBit affiliates arrested in Ukraine, Poland \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 7 months ago | Law enforcement leaves taunting post for cyber criminals after locking notorious ransomware gang out of their own website \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| Krebs on Security | 7 months ago | Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates |
| CERT-EU | 7 months ago | Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – GIXtools |
| CERT-EU | 7 months ago | US indicts two Russian nationals in LockBit ransomware case \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 7 months ago | Police arrest LockBit ransomware members, release decryptor in global crackdown |
| CERT-EU | a year ago | District of New Jersey \| Russian National Charged with Ransomware Attacks Against Critical Infrastructure \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CSO Online | a year ago | Russian national indicted for ransomware attacks against the US |
| CERT-EU | a year ago | One of the FBI's Most Wanted Hackers Is Trolling the US Government \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | a year ago | Alleged Babuk Ransomware ‘Wazawaka’ Hacker Indicted in US \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting |
| CERT-EU | a year ago | Infamous Russian hacker mocks the FBI by selling t-shirts featuring his most wanted poster |
| CERT-EU | a year ago | Who wants to be a millionaire by giving a tip to FBI about this hacker? |
| Flashpoint | a year ago | COURT DOC: Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses |
| CERT-EU | a year ago | FBI Most-Wanted Russian Hacker Reveals Why He Burned His Passport \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | a year ago | Russian national charged with ransomware attacks against critical infrastructure |
| BankInfoSecurity | a year ago | RA Group Using Babuk Ransomware Source Code in Fresh Attacks |