Void Blizzard

Description

(Microsoft) Void Blizzard is a new threat actor Microsoft Threat Intelligence has observed conducting espionage operations primarily targeting organizations that are important to Russian government objectives. These include organizations in government, defense, transportation, media, NGOs, and healthcare, especially in Europe and North America. They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations. Once inside, they steal large amounts of emails and files. In April 2025, Microsoft Threat Intelligence observed Void Blizzard begin using more direct methods to steal passwords, such as sending fake emails designed to trick people into giving away their login information.

Names

Name | Name-Giver
Void Blizzard | Microsoft
Laundry Bear | AIVD

Country

Motivation

  • Information theft and espionage

First Seen

2024

Observed Sectors

Observed Countries

Information

Other Information

Uuid

2a050d77-b95d-4f42-8fc3-b02f93f7bf8f

Last Card Change

2025-06-27