Russian national charged in connection with Void Blizzard cyberespionage campaign

Federal prosecutors have charged a Russian national, Denis Nikolayevich Obrezko, with conspiracy to commit unauthorized computer access in connection with a widespread cyberespionage campaign attributed to the Russia-aligned threat group Void Blizzard, according to a recent report by CyberScoop.

Obrezko is accused of facilitating the campaign by purchasing virtual private servers and domain names used in attacks targeting businesses, educational institutions, and other organizations in the United States and abroad. Void Blizzard, also tracked as Laundry Bear by Microsoft, is a state-sponsored Russian threat group known for large-scale espionage operations. The group primarily uses stolen session tokens to gain access to victim accounts and employs a U.S.-based commercial proxy service, often routing traffic through a VPN, to mask its location and bypass geographic firewalls.

Investigators verified intrusions at 11 U.S. companies between June and July 2024, though the actual number of victims is believed to be higher. Void Blizzard has been observed harvesting emails and files from compromised cloud environments, accessing Teams conversations, and cataloging Microsoft Entra ID configurations. The group has also conducted spear-phishing campaigns, using typosquatted domains to impersonate Microsoft authentication pages, targeting NGOs in Europe and the United States.

Source: CyberScoop