Void Blizzard

Description

(Microsoft) Void Blizzard is a new threat actor Microsoft Threat Intelligence has observed conducting espionage operations primarily targeting organizations that are important to Russian government objectives. These include organizations in government, defense, transportation, media, NGOs, and healthcare, especially in Europe and North America. They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations. Once inside, they steal large amounts of emails and files. In April 2025, Microsoft Threat Intelligence observed Void Blizzard begin using more direct methods to steal passwords, such as sending fake emails designed to trick people into giving away their login information.

Names

Name	Name-Giver
Void Blizzard	Microsoft
Laundry Bear	AIVD

Country

• Russia

Motivation

• Information theft and espionage

First Seen

2024

Observed Sectors

• Defense
• Education
• Government
• Healthcare
• IT
• Law enforcement
• Media
• Telecommunications
• Transportation
• NGOs

Observed Countries

• Ukraine
• NATO

Information

• https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/

Other Information

Uuid

2a050d77-b95d-4f42-8fc3-b02f93f7bf8f

Last Card Change

2025-06-27