216.73.217.22

Affidavit in Support of Application for Criminal Complaint

· Published 11/06/2026 23:09 · Modified 15/06/2026 19:16

Export JSON

Essential information

Published
11/06/2026 23:09
Modified
15/06/2026 19:16
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
cryptocurrency cyber espionage denis obrezko office 365 compromise proxy infrastructure russia-aligned session token theft void blizzard
Tags
2026-06-11 cryptocurrency cyber espionage denis obrezko office 365 compromise proxy infrastructure russia-aligned session token theft void blizzard
Related entities
7 indicators, 7 observables, 1 intrusion sets (apt), 20 techniques (mitre), 14 others

Description

An FBI investigation identified Denis Nikolayevich Obrezko, a Russian national, as facilitating cyber intrusions conducted by the threat group . Between June and July 2024, multiple U.S. companies across various sectors were targeted in a large-scale campaign involving mass email harvesting and unauthorized access. The threat actors utilized stolen session tokens, proxy services, and VPNs to authenticate to victim Office 365 environments and exfiltrate data. Obrezko allegedly obtained critical infrastructure including a virtual private server and domain registration used in these attacks. FBI investigation linked Obrezko through transactions, email accounts, phone numbers, and IP addresses to domains and infrastructure used in the intrusion campaign. Eleven U.S. companies have confirmed unauthorized access, representing only a fraction of suspected victims nationwide.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Indicators (7)

Observables (7)

  • lnstagram.com
  • micsroft.com
  • miscrsosoft.com
  • ebsummlt.eu
  • ffice365.com
  • 172.86.75.235
  • http://lnstagram.com/wlsperrrrr/

Intrusion sets (APT) (1)

  • Void Blizzard
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 13:54 · Modified 21/12/2025 13:54

Techniques (MITRE) (20)

  • T1586
    Compromise Accounts
  • T1213
    Data from Information Repositories
  • T1078
    Valid Accounts
  • T1185
    Browser Session Hijacking
  • T1588.002
    Tool
  • T1573
    Encrypted Channel
  • T1048
    Exfiltration Over Alternative Protocol
  • T1070
    Indicator Removal
  • T1566
    Phishing
  • T1589
    Gather Victim Identity Information
  • T1090
    Proxy
  • T1562
    Impair Defenses
  • T1114
    Email Collection
  • T1133
    External Remote Services
  • T1598
    Phishing for Information
  • T1590
    Gather Victim Network Information
  • T1071
    Application Layer Protocol
  • T1020
    Automated Exfiltration
  • T1567
    Exfiltration Over Web Service
  • T1588.001
    Malware

Others (14)

  • United States of America
  • Energy
  • Finance
  • Education
  • Manufacturing
  • Retail
  • Technology
  • Healthcare
  • Government
  • ffice365.com
  • lnstagram.com
  • ebsummlt.eu
  • micsroft.com
  • miscrsosoft.com

External references