On February 20, 2024, amidst global headlines reporting an international law enforcement task force's successful takeover of the LockBit leak site, a new ransomware operation emerged. The group goes by the name 'Mogilevich.'
The ransomware operation does not claim any affiliation with nation states; however, the very name Mogilevich recalls a Russian connection. The name may reference Semion Mogilevich, a Ukraine-born national of Russia, Ukraine and Israel with an alleged criminal history, according to a recent press release of the United States FBI. Open sources suggest Semion Mogilevich may be linked to RosUkrEnergo, a Switzerland-based gas distributor with connections across Eastern Europe and corporate ties with the Russian giant Gazprom. According to press sources, before his passing, the former KGB officer Alexander Litvinenko claimed Semion Mogilevich held close ties with the current Russian establishment.
So far, the Mogilevich group has listed one victim in the United States.
Intelligence available on this actor is presently very limited. We will keep monitoring the actor and share relevant intelligence when appropriate.