216.73.216.78

New Russia-affiliated actor Void Blizzard targets critical sectors for espionage

· Published 27/05/2025 10:35 · Modified 27/05/2025 13:57

Export JSON

Essential information

Published
27/05/2025 10:35
Modified
27/05/2025 13:57
Tags
2025-05-27 CVE-2025-27920 azurehound cloud abuse critical sectors cyberespionage evilginx nato russia-affiliated spear-phishing stolen credentials ukraine
Related entities
3 observables, 1 intrusion sets (apt), 3 techniques (mitre), 2 malware, 11 others

Description

Void Blizzard, a newly identified threat actor, has been conducting global operations since April 2024. Their primary targets are organizations in , particularly in member states and , including government, defense, transportation, media, NGOs, and healthcare. The group employs tactics such as using , likely obtained from commodity infostealer ecosystems, and recently evolved to include targeted spear phishing for credential theft. Despite using unsophisticated techniques, Void Blizzard has been effective in gaining access and collecting large volumes of emails and files from compromised organizations. Their activities pose a significant risk to member states and allies of .

External references