8 Serzhana Koloskova Street, Apartment 6, Kaliningrad, Russia
Reg. ID
733584513, Passport
Official reason
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Mikhail Matveev (Matveev) for his role in launching cyberattacks against U.S. law enforcement, businesses, and critical infrastructure. Concurrently, the U.S. District Courts for the District of New Jersey and the District of Columbia unsealed indictments against Matveev. Additionally, the U.S. Department of State announced an award of up to $10 million for information that leads to the arrest and/or conviction of Matveev under its Transnational Organized Crime Rewards Program.

Matveev has been a central figure in the development and deployment of the Hive, LockBit, and Babuk ransomware variants, among others. In 2021, Babuk ransomware affiliates attacked the police department of a major U.S. city. The hackers who infiltrated the police department’s computer network stole the home addresses, cellphone numbers, financial data, medical histories, and other personal details of police officers, along with sensitive information about gangs, suspects of crimes, and witnesses. In a public interview, Matveev claimed responsibility for posting the police department’s stolen data online. In addition to attacks on public institutions, Matveev has been linked to ransomware intrusions against numerous U.S. businesses, including a U.S. airline. Matveev has been vocal about his illegal activities. He has provided insight into his cybercrimes in media interviews, disclosed exploit code to online criminals, and stated that his illicit activities will be tolerated by local authorities provided that he remains loyal to Russia.

OFAC is designating Matveev pursuant to section 1(a)(ii)(C) of Executive Order (E.O.) 13694, as amended by E.O. 13757, for being responsible for or complicit in, or having engaged in, directly or indirectly, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant disruption to the availability of a computer or network of computers.
Executive Order 13694 Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities;
Executive Order 13757 Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities
On December 31, 2015, OFAC issued the Cyber-Related Sanctions Regulations, 31 CFR part 578 (80 FR 81752, December 31, 2015) (the “Regulations”) to implement Executive Order (E.O.) 13694 of April 1, 2015, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities” (80 FR 18077, April 2, 2015), pursuant to authorities delegated to the Secretary of the Treasury in E.O. 13694. The Regulations were initially issued in abbreviated form for the purpose of providing immediate guidance to the public. OFAC is revising the Regulations to further implement E.O. 13694, as amended by E.O. 13757 of December 28, 2016, “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” (82 FR 1, January 3, 2017), as well as certain provisions of title II of the Countering America's Adversaries Through Sanctions Act (Pub. L. 115–44, 131 Stat. 886 (codified in scattered sections of 22 U.S.C.)) (CAATSA). OFAC is amending and reissuing the Regulations as a more comprehensive set of regulations that includes additional interpretive guidance and definitions, general licenses, and other regulatory provisions that will provide further guidance to the public. Due to the number of regulatory sections being updated or added, OFAC is reissuing the Regulations in their entirety.
E.O. 13694, as Amended by E.O. 13757. On April 1, 2015, the President, invoking the authority of, inter alia, the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), issued E.O. 13694. In E.O. 13694, the President determined that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States, and declared a national emergency to deal with that threat.
On December 28, 2016, the President issued E.O. 13757 to take additional steps to deal with the national emergency with respect to significant malicious cyber-enabled activities declared in E.O. 13694. E.O. 13757 added an Annex to E.O. 13694 and amended section 1 of E.O. 13694 by replacing section 1(a) in its entirety.