Full Report
Mikhail Matveev, better known as Wazawaka, was in court last week. The post Notorious ransomware developer charged with computer crimes in Russia appeared first on CyberScoop.
Analysis Summary
# Threat Actor: Mikhail Matveev (Wazawaka)
## Attribution & Identity
* **Primary Identifier:** Mikhail Matveev
* **Known Alias:** Wazawaka
* **Known Associations:** Linked to several major ransomware operations, including Babuk, Conti, DarkSide, Hive, and LockBit.
* **Status:** Recently charged by Russian authorities for creation/distribution of malicious software intended to damage or manipulate information systems.
## Activity Summary
Matveev is a notorious hacker known for developing malware used to extort commercial organizations. His case rose to prominence following his alleged involvement in the April 2021 ransomware attack on the Washington, D.C.’s Metropolitan Police Department (MPD) as a member of the Babuk group.
## Tactics, Techniques & Procedures
* Development and distribution of software intended to damage or manipulate information systems (specifically ransomware malware).
* The article focuses on the *development* and distribution of ransomware rather than on granular intrusion TTPs; his association with the groups above implies familiarity with the techniques those operations rely on, such as file encryption, lateral movement, and data staging/exfiltration.
## Targeting
* **Sectors:** Commercial organizations (broadly targeted by associated ransomware groups). Specifically linked to an attack on law enforcement/government infrastructure (Washington D.C.'s Metropolitan Police Department).
* **Geography:** Victims are international (e.g., Washington, D.C.'s MPD), while the arrest and prosecution are taking place in Russia.
* **Victims:** Washington, D.C.’s Metropolitan Police Department (MPD) in April 2021 (allegedly via Babuk).
## Tools & Infrastructure
* **Malware Families Used:** Associated with the development/distribution of tools used by **Babuk, Conti, DarkSide, Hive, and LockBit** ransomware groups.
* **Infrastructure (C2, domains, IPs):** Not specified in detail in the provided text. He was noted to have had a large amount of cryptocurrency seized.
## Implications
Russia's prosecution of Matveev is significant given the country's historical leniency toward cybercriminals operating domestically, especially those targeting foreign adversaries. The action aligns with a recent broader crackdown by Russian authorities on cybercriminals. US authorities (FBI/State Department) have a standing $10 million reward for information leading to his capture, indicating high intelligence value. Matveev previously displayed a cavalier attitude toward foreign sanctions and law enforcement, so a domestic prosecution suggests that the operational risk faced by such actors within Russia may be shifting.
## Mitigations
* **General Defense:** Organizations should maintain robust defenses against known ransomware variants linked to Conti, LockBit, Hive, and DarkSide.
* **Law Enforcement Cooperation:** Organizations should remain aware of international law enforcement efforts, since Matveev, despite being charged domestically, remains wanted by US authorities.