Category Archives: Mikhail Matveev

The Not-So-Secret Network Access Broker x999xx

Posted on by

Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is “x999xx,” the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups. Continue reading The Not-So-Secret Network Access Broker x999xx

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Posted on by

U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didn’t pay, LockBit’s victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates. Continue reading Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Who is the Network Access Broker ‘Wazawaka?’

Posted on by

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene. Continue reading Who is the Network Access Broker ‘Wazawaka?’