
Void Blizzard

aka: LAUNDRY BEAR, UAC-0190

Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to the Russian government, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America. The threat actor uses stolen credentials—which are likely procured from commodity infostealer ecosystems—and collects a high volume of email and files from compromised organizations.


Associated Families
py.pluggyape

References
2026-01-12 | Cert-UA | Cert-UA
"Unreliable Fund": targeted cyberattacks UAC-0190 against SOU using PLUGGYAPE (CERT-UA#19092)
PLUGGYAPE Void Blizzard
2025-05-27 | Microsoft | Microsoft Threat Intelligence
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Void Blizzard
2025-05-27 | AIVD | AIVD
Unknown Russian group behind hacks Dutch targets
Void Blizzard

Credits: MISP Project