New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Essential information
- Published
- 27/05/2025 10:35
- Modified
- 27/05/2025 13:57
- Tags
- 2025-05-27 CVE-2025-27920 azurehound cloud abuse critical sectors cyberespionage evilginx nato russia-affiliated spear-phishing stolen credentials ukraine
- Related entities
- 3 observables, 1 intrusion sets (apt), 3 techniques (mitre), 2 malware, 11 others
Description
Void Blizzard, a newly identified Russia-affiliated threat actor, has been conducting global cyberespionage operations since April 2024. Their primary targets are organizations in critical sectors, particularly in NATO member states and Ukraine, including government, defense, transportation, media, NGOs, and healthcare. The group employs tactics such as using stolen credentials, likely obtained from commodity infostealer ecosystems, and recently evolved to include targeted spear phishing for credential theft. Despite using unsophisticated techniques, Void Blizzard has been effective in gaining access and collecting large volumes of emails and files from compromised organizations. Their activities pose a significant risk to NATO member states and allies of Ukraine.