Menu
Browse

Cyber Threat Actor: Dmitrii Vassilev

Actor Type Location Known Incidents
 Icon
Insider - Accidental
Russia
1 incident
Profile

Dmitrii Vassilev isthe alias used for a threat actor whose location is publicly identified as Russia. The actor came to attention in mid‑2017 when a critical customer support domain associated with Dell’s pre‑installed backup and recovery application experienced a lapse in registration control. This domain was essential for allowing affected Dell devices to restore factory settings, making its continued availability a key part of the product’s support infrastructure. A contractor responsible for the domain failed to renew its registration, which resulted in a temporary loss of control over the name. During the period of lapse, the domain was hijacked and began resolving to servers that security tools had previously flagged for distributing ransomware and spam campaigns. The hijack persisted for approximately one month before Dell’s security team was alerted and managed to reclaim the domain. Upon recovery, Dell acknowledged the oversight, noted that the backup and recovery application in question had already been discontinued, and confirmed that no malware infections were definitively traced to the incident.

Security monitoring observed connections to the compromised infrastructure throughout the hijack window, yet forensic analysis did not uncover any successful payload delivery or system compromise linked to the redirection. The episode underscored how an expired domain registration can be leveraged to redirect traffic to malicious hosts, even when the actor’s broader tooling or malware repertoire remains undocumented in public sources. In the same timeframe, unrelated tech‑support scams that abused Dell service tags were observed, contributing to heightened concerns about customer data safety but not directly tied to Vassilev’s actions. No public reporting attributes specific malware families, phishing kits, exploit kits, or command‑and‑control infrastructures to this actor beyond the domain‑registration lapse. Likewise, no credible sources establish a state sponsor, criminal‑consortium affiliation, or a pattern of additional campaigns for Dmitrii Vassilev. Consequently, the known profile of the actor is confined to this singular, publicly reported domain‑hijack event and its immediate aftermath, with further details about motives, capabilities, or associations remaining unspecified in the available record.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources