FBI announces $10 million reward for Russian hacker Mikhail Matveev

The US Department of Justice has put a prominent Russian hacker, Mikhail Matveev, on the wanted list, and the State Department has offered a $10 million reward for information that would help catch him. At the same time, the department accused Russia of becoming a “safe haven” for cybercriminals: for more than a year, Matveev has not hidden his face and does not deny connections with the largest groups of “Russian hackers”.

“We are taking these actions against Matveev in connection with his involvement in cyber extortion against US law enforcement agencies, private companies and critical infrastructure around the world.”
US State Department

Why was Matveev put on the wanted list?

Matveev is accused of ties with three cybercriminal groups at once (Babuk, LockBit and Hive), each of which is well known outside of Russia, and especially in the United States. All of them operated ransomware that infected the systems of victims (usually large companies), blocked access to them, and then demanded a ransom for unlocking.

An official press release from the US Department of Justice indicated the amount of earnings of the hacker associations with which Matveev worked. During their cooperation with the Russian, they demanded about $400 million in ransom from their victims, of which they managed to get about $200 million. At the same time, the US Department of Justice calls Matveev himself “a key player in the Russian ransomware ecosystem.”

FBI Offers $10 Million for Help in Catching Matveev. Photo: FBI

“While in Russia, Matveev used several variants of ransomware to attack critical infrastructure around the world, including hospitals, government agencies and organizations from other sectors,” said Assistant U.S. Attorney General Kenneth Polite Jr.

What attacks is the Russian accused of?

Matveev, 31, has been put on the wanted list in the United States for several specific attacks. In particular, the prosecutor’s office believes that in June 2020, using the Hive ransomware program, he attacked the police of one of the districts of the state of New Jersey, and in May 2022, in the same state, a non-profit mental health organization became his victim. Between these two attacks, in the spring of 2021, Matveev, using the Babuk program, attacked the Washington Police Department.

Matveev, known on the dark web as Wazawaka, Babuk, BorisElcin, unc1756 and Orange, has already reacted on his Twitter account to his inclusion on the US Federal Bureau of Investigation (FBI) Most Wanted list of cybercriminals.

Mikhail Matveev, Russian hacker, in response to being placed on the FBI’s Most Wanted list of cybercriminals

Another well-known Russian cybercriminal, known as Bassterlord, praised Matveev in the comments. “Good, good, on the honor roll,” he wrote.

Why does Matveev not hide his appearance?

The fact that the FBI has photos of Matveev is not at all to the credit of the investigators. In January 2022, Wazawaka was deanonymized by renowned Western journalist Brian Krebs. He specializes in building logical chains from data in open or paid sources. In particular, Krebs likes to compare data on email passwords and IP addresses from databases that were hacked and leaked at different times. In recent years, the journalist has managed in this way to get on the trail of several hackers and cyber scammers on a global scale.

The formal reason for Krebs’s investigation was that in 2020 Wazawaka stated that he was connected to the large DarkSide group, which included Russian-speaking hackers. DarkSide is responsible for numerous attacks on American infrastructure, including the one on Colonial Pipeline. This attack paralyzed several regions of the United States and provoked a fuel crisis.

During the course of the investigation, Krebs was greatly helped by Russian cybercriminals’ neglect of security in the 2000s: some hackers continued to use accounts that were registered without the use of a VPN or other location-hiding software. Comparing data from leaks, Krebs arrived at Mikhail Matveev, a resident of Abakan, having also found his pages on social networks, phone numbers and even some relatives.

Matveev showed his face to one of the Western journalists for the first time, realizing that he could no longer be hidden. Frame: KrebsOnSecurity / YouTube

Wazawaka reacted almost immediately to the deanonymization, publishing several videos on accounts associated with him. In them, Matveev, actively using profanity, praised Krebs for the investigation and made it clear that he plans to continue attacking American companies, and also showed a tattoo below the elbow on his right hand and a missing ring finger on his left.

“You come here to me, have a market with me. I declare war on the USA. And I want to say that you are all [people of non-traditional sexual orientation]”
Mikhail Matveev, Russian hacker

Hacker is not afraid of extradition due to strained relations between Russia and the United States

As a rule, the United States obtains the extradition of criminals against whom formal charges have been brought from friendly countries with relative ease. However, there is no such agreement with Russia. The tension in relations between Moscow and Washington also plays a part. Moreover, in the Western media, Russia is openly called a haven for hackers and cybercriminals of various stripes.

“Hackers and cybercriminals team up with regular criminal gangs and often take refuge in rogue states. I’m talking about Russia first of all,” stated US Deputy Attorney General Lisa Monaco.

“Don’t shit where you live, travel only in your own country and don’t leave its borders”
Mikhail Matveev, Russian hacker, in response to a request to formulate his personal motto

At the same time, Matveev, on the whole, is not shy about contacts with the Western press. In August 2022, he gave a long interview to The Record in which he described purely technical details of organizing some of his attacks and his relationships with colleagues. He also mentioned that he was initially shocked by the agreement reached in the summer of 2021 between US and Russian Presidents Joe Biden and Vladimir Putin on mutual assistance and a joint fight against cybercrime.

“I almost shit myself when it happened, I started drinking a lot. But then I studied the law and realized that Russia would not extradite me to America if I was caught. And then a special military operation began [which complicated relations between the countries], and I was damn happy about it,” said Matveev. “If the FBI and the FSB one day start cooperating with each other, I’m done for.”

What other “Russian hackers” are they looking for in the US?

Matveev is far from the only Russian hacker for whose capture a $10 million reward has been offered in the US. Earlier, the US Department of Justice filed formal charges of fraud and money laundering against Denis Kulkov and promised a similar reward to those who would contribute to his arrest. Investigators believe he was the founder of the Try2Check service, which could be used to check the validity of stolen credit cards. No interest from Russian law enforcement agencies in Kulkov has been reported.

In total, there are several dozen Russians on the FBI’s list of most wanted cybercriminals. Some of them are directly described in the United States as employees of the Main Directorate of the General Staff of the RF Armed Forces (formerly the GRU). They are charged with intelligence operations in the United States using cybercriminal technologies. However, most of them, one way or another, tried to make money from creating or deploying malicious programs.

Russian hackers would not want the FBI to actively cooperate with the FSB. Photo: Alvin Baez / Reuters

For example, Maxim Yakubets, according to US authorities, was one of the users of the Zeus Trojan created in 2007, which helped its creators to steal data from customers of Europe’s largest banks. The damage they caused amounted, according to the most conservative estimates, to 36 million dollars. Later, Yakubets headed the large hacker group Evil Corp and, as of 2019, allegedly lived in Moscow.

Another well-known person on the list is Evgeny Polyanin, who in the United States is considered one of the leaders of the REvil group that was defeated in early 2021. American investigators consider him involved in the extortion of more than 13 million dollars, but the real scope of the hacker association’s activities may be much more shocking.