
U.S. Charges Russian National Linked to Microsoft‑Tracked Void Blizzard Espionage

Prosecutors say the arrest advances U.S. efforts to disrupt Russia‑aligned cyber spying and hold operators accountable.

Overview

  • Denis Obrezko was extradited from Thailand and made an initial federal court appearance in Boston on Tuesday, where he was charged with conspiracy to commit unauthorized access to a protected computer and held without bond.
  • U.S. charging documents and an FBI affidavit allege Obrezko used cryptocurrency to buy a virtual private server and domain names that were later used in attacks tied to the group known as Void Blizzard.
  • Microsoft first flagged Void Blizzard in May 2025 and said the actor had been active since at least April 2024, targeting NATO states, Ukraine, and multiple sectors including government, defense, transportation, media, healthcare, and NGOs.
  • Investigators say the group relied on simple but effective tradecraft such as harvesting bulk email and files, using stolen session tokens to access accounts, routing traffic through VPNs and commercial proxies, and registering typosquatted domains to spoof Microsoft login pages.
  • Thailand’s government says the extradition complied with its laws and treaties, the case is being prosecuted by the DOJ National Security Division, and the FBI has identified at least 11 compromised U.S. firms with officials warning that the true victim count is likely higher.