Russian national Denis Obrezko charged in Void Blizzard cyber espionage campaign

Federal prosecutors charged Russian national Denis Obrezko with conspiracy to commit unauthorized computer access in connection with the Kremlin-linked Void Blizzard espionage group, according to a criminal complaint filed in federal court this week. Obrezko, 36, made his initial appearance in federal court in Boston on Tuesday after being transferred to U.S. custody from Thailand, where he was arrested last November.

The FBI affidavit unsealed Tuesday alleges Obrezko purchased a virtual private server and domain names used in attacks that compromised at least 11 U.S. companies. Investigators described that figure as likely a fraction of the total victim count nationwide.

Void Blizzard's methods and targets

The group primarily relied on stolen session tokens to authenticate to victim accounts without triggering re-authentication requirements. It then used a U.S.-based commercial proxy service to mask the connection's location, routing traffic through a VPN before selecting proxy IP addresses in the same region as a target to bypass geographic firewall restrictions.

Microsoft publicly identified Void Blizzard, which it also tracks as Laundry Bear, in 2025 as a state-sponsored Russian threat group conducting large-scale espionage against government agencies, defense suppliers, and critical infrastructure providers across NATO member states and Ukraine. Dutch intelligence confirmed in May 2025 that the group infiltrated the Netherlands' national police force in September 2024, stealing work-related contact information on police staff.

• Intrusions verified at 11 U.S. companies from June to July 2024 after tips from a foreign partner and a U.S. private-sector firm.
• Spear-phishing campaign in April 2025 targeted more than 20 non-governmental organizations in Europe and the United States using typosquatted domains such as miscrsosoft[.]com and micsrosoftonline[.]com.
• Group harvested bulk email and files from compromised cloud environments, accessed Microsoft Teams conversations, and cataloged Microsoft Entra ID configurations to map organizational structures.

Implications and next steps

Void Blizzard's methods, while not technically advanced, have proven broadly effective. Microsoft researchers noted in 2025 that the group's success illustrates the sustained risk posed by even basic intrusion techniques when applied at scale. The charges against Obrezko represent one of the first criminal cases tied to the group's operations.

Obrezko agreed to be taken into custody while awaiting trial. The case underscores ongoing efforts by U.S. authorities to disrupt Russian state-sponsored cyber espionage networks that continue to target critical infrastructure and government systems across allied nations.