US hunts down Russian ‘Void Blizzard’ hacker in Thailand raid after attacks on American companies

US hunts down Russian ‘Void Blizzard’ hacker in Thailand raid after attacks on American companies - Bookmark A suspected Russian hacker has been extradited from Thailand to the United States, where he faces charges for allegedly facilitating a widespread cyberattack campaign that victimized numerous American companies. Denis Obrezko, who was apprehended in Thailand last November, made his initial appearance in federal court in Boston on Tuesday. He is connected to a case that U.S. authorities describe as a large-scale cyber espionage operation carried out by a group known as Void Blizzard. The 36-year-old has been charged with conspiring to commit unauthorized access to a protected computer and is currently being held without bond. The case is being prosecuted by the U.S. Department of Justice's National Security Division. The Justice Department declined to comment on Wednesday, and a court-appointed lawyer for Obrezko did not respond to inquiries. Thailand's Ministry of Foreign Affairs stated that its decision to extradite Obrezko complied with Thai domestic law and its obligations under related treaties, while "fully respecting the due process of law of the defendant." Void Blizzard was identified by Microsoft in a May 2025 report as a new group conducting cyber espionage against organizations crucial to Russian government objectives. Active since at least April 2024, the group has primarily targeted government, defense, transportation, media, healthcare, and non-governmental organizations in NATO member states and Ukraine. An FBI agent's affidavit filed in connection with Obrezko's case detailed Void Blizzard's focus on mass email harvesting across various US business sectors. The FBI has identified at least 11 US companies that were hacked, a number believed to be only a fraction of Void Blizzard's total victims, according to court documents. Charging documents further allege that the FBI linked Obrezko to cryptocurrency transactions used to acquire a virtual private server and domain name, which were then employed in attacks targeting companies in the United States and elsewhere.