The Void Blizzard (Laundry Bear) threat group conducts cyberespionage primarily by stealing session tokens to gain unauthorized access to cloud environments, often masking its origin via U.S.-based proxy services and VPNs. The group has targeted U.S. and international organizations, harvesting emails, files, and Teams conversations, and using typosquatted domains for spear-phishing. A Russian national has been charged for facilitating these attacks by procuring infrastructure, including VPS and domains.
Threat Intelligence Russian national charged in connection with Void Blizzard cyberespionage campaign June 11, 2026 Share By SC Staff Federal prosecutors have charged a Russian national, Denis Nikolayevich Obrezko, with conspiracy to commit unauthorized computer access in connection with a widespread cyberespionage campaign attributed to the Russia-aligned threat group Void Blizzard, according to a recent report by CyberScoop. Obrezko is accused of facilitating the campaign by purchasing virtual private servers and domain names used in attacks targeting businesses, educational institutions, and other organizations in the United States and abroad. Void Blizzard, also tracked as Laundry Bear by Microsoft, is a state-sponsored Russian threat group known for large-scale espionage operations. The group primarily uses stolen session tokens to gain access to victim accounts and employs a U.S.-based commercial proxy service, often routing traffic through a VPN, to mask its location and bypass geographic firewalls. Investigators verified intrusions at 11 U.S. companies between June and July 2024, though the actual number of victims is believed to be higher. Void Blizzard has been observed harvesting emails and files from compromised cloud environments, accessing Teams conversations, and cataloging Microsoft Entra ID configurations. The group has also conducted spear-phishing campaigns, using typosquatted domains to impersonate Microsoft authentication pages, targeting NGOs in Europe and the United States. Source: CyberScoop SC Staff Related Threat Intelligence FBI shuts down 13 ‘consulting’ websites used for suspected Chinese espionage Laura French June 11, 2026 The sites were used to lure security clearance holders into divulging classified information. Threat Intelligence OceanLotus targets stock investors and construction firm with SPECTRALVIPER backdoor SC Staff June 11, 2026 Vietnam-aligned threat actor OceanLotus has been linked to two distinct campaigns targeting domestic entities and stock investors with a backdoor known as SPECTRALVIPER, according to ESET. Threat Intelligence JDY botnet expands, enabling rapid exploitation of disclosed vulnerabilities SC Staff June 10, 2026 Initially flagged as part of the KV-botnet, JDY has evolved into an independent reconnaissance capability following the U.S. government's takedown of KV in early 2024. Related Events Cybercast Better Threat Intelligence Between Public and Private Sectors On-Demand Event Virtual Conference Nationwide Cybersecurity Summit 2025: Safeguarding America’s Digital Future On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Backdoor Deauthentication Attack Distributed Scans Domain Hijacking Dumpster Diving Google Hacking Hybrid Attack Password Cracking Reconnaissance You can skip this ad in 5 seconds