IntelEye

Cybersecurity

IntelEye collects New Intelligence on "LOCKBITSUPP" aka Dmitry Yuryevich Khoroshev

Samuel E

May 8, 2024

The UK, US, and Australia have unveiled the identity of Dmitry Khoroshev, a Russian national and the mastermind behind the previously notorious LockBit ransomware group, following a coordinated international disruption campaign led by the National Crime Agency (NCA).

Khoroshev, also known by his alias LockBitSupp, who had operated under a veil of anonymity and had placed a $10 million bounty for anyone revealing his identity, now faces sanctions imposed by the UK's Foreign, Commonwealth & Development Office (FCDO), in collaboration with the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs.

These sanctions entail asset freezes and travel prohibitions. Additionally, the US has unsealed a federal indictment against Khoroshev and is offering a reward of up to $10 million for information that leads to his arrest or conviction.

IntelEye analyst collected intelligence on Dmitry Yuryevich Khoroshev after his identity was revealed

After Khoroshev's identity was revealed, IntelEye's Intelligence Research team collected multiple pieces of PII and other intelligence data. This investigation aims to help the appropriate authorities, such as the Federal Bureau of Investigation (FBI) and the FBI Cyber Division.

Initially, OFAC only collected a limited amount of data on the asset, hence the $10M reward for any information leading to his arrest. The posted details were as follows:

  • dob - 17 Apr 1993
  • e-mail #1 - sitedev5@yandex[.]ru
  • e-mail #2 - khoroshev1@icloud[.]com
  • Digital Currency Address - XBT bc1qvhnfknw852ephxyc5hm4q520zmvf9maphetc9z
  • Passport #1 - 2018278055 (Russia)
  • Passport #2 - 2006801524 (Russia)

Using IntelEye's intelligence capabilities, our team was able to gather the following data:

Owned e-mails

  • khoroshev1@icloud[.]com - OFAC
  • sitedev5@yandex[.]ru - OFAC
  • d.horoshev@gmail[.]com - NEW Intel
  • 3k@xakep[.]ru - NEW Intel
  • pin@darktower[.]su - NEW Intel
  • khoroshev.d@gmail[.]com - NEW Intel

Owned Phone Numbers

  • +79521020220 (Russia)
  • +79673415167 (Russia)
  • +74732414824 (Kazakhstan)
  • +79518539388 (Russia)

Related Addresses

  • Voronezh, Bakuninsky lane, 13 (Russia)
  • Voronezh, Shishkova street, 72/5.2 (Russia)
  • Voronezh, Sacco and Vanzetti street, 78A, 3, 3005, "The entrance will be on the left, after the metal door and stairs” (Russia)
  • Voronezh, st. Ostuzheva, 28 (Russia)
  • Voronezh region, Voronezh, 394044, Kaliningradskaya st., 108, apt. 61 (Russia)

Social Accounts

Aliases/Usernames

  • LockBitSupp
  • d_khororshev
  • pioneer_3D
  • anakonda66
  • Dima
  • Blackenergy
  • blowup
  • pony1
  • Nerowolf/nerowolfe
  • Legenden Ghost

Used IP Addresses

  • 80.82.46.194
  • 95.32.79.153

Additionally, his phone number [+79521020220] was saved under the following names:

[Images: names used to save Dmitry's phone number]

With the newly collected PIIs, the research team discovered additional Social Media accounts belonging to LockBitSupp. Here is a sample:

[Images: VK account, Twitter account, YouTube account, Drupal account]

Case Graph for the LockBitSupp Investigation

[Image: case graph]
