| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to the Russian government, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America. The threat actor uses stolen credentials—which are likely procured from commodity infostealer ecosystems—and collects a high volume of email and files from compromised organizations.
There are currently no families associated with this actor.
| 2025-05-27
⋅
Microsoft
⋅
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage Void Blizzard |
| 2025-05-27
⋅
AIVD
⋅
Unknown Russian group behind hacks Dutch targets Void Blizzard |