Russian alleged hacker linked to Kremlin-backed cybercrime group arrested in Phuket

Moscow [Russia], November 15 (ANI): A Russian man wanted by the United States for alleged cybercrimes has been arrested on the Thai resort island of Phuket, CNN reported, citing Thai police's statement.

Thai police said 35-year-old Denis Obrezko is allegedly part of the notorious group Void Blizzard, a cyber espionage gang recognised by Microsoft for hacking attacks that align with Kremlin interests.

Obrezko was taken into custody on November 6 in a joint operation involving the FBI and Thai authorities. He had arrived in Phuket only a week earlier, according to Thailand's Cyber Crime Investigation Bureau (CCIB), CNN reported.

"This individual had previously breached security systems and attacked government agencies in both Europe and the United States," the CCIB said Friday.

He will be held at the Criminal Court in Bangkok pending extradition to the US, it said.

Police tracked him down to a hotel room in Phuket, where they seized several electronic devices, including a notebook computer, mobile phone and digital wallet, for forensic examination, officers said.

Russia has acknowledged the arrest. Diplomat Ilya Ilyin from the Russian embassy in Thailand confirmed that a Russian citizen was detained in Phuket last week on suspicion of cybercrimes, reportedly at the request of US authorities, according to the TASS news agency.

Microsoft Threat Intelligence (MTI) has previously highlighted Void Blizzard as a major threat actor targeting countries and sectors opposed to Russian interests, as per CNN.

The group's attacks have focused on government, defence, transport, media, NGOs, and healthcare organisations across the US, Europe, and Ukraine.

"They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organisations," researchers said in a statement. "Once inside, they steal large amounts of emails and files."

Void Blizzard is known for using basic techniques for initial access, including "password spraying" where common passwords are systematically applied across multiple usernames, and using stolen authentication details, MTI found.

"Despite the lack of sophistication in their initial access methods, Void Blizzard has been effective in gaining access to and collecting information from compromised organisations in critical sectors," MTI added.

Void Blizzard regularly targets government and law enforcement entities, especially in NATO countries and those offering military or humanitarian aid to Ukraine, MTI said.

The group's activities have affected various sectors in Ukraine, including education, transportation and defence. (ANI)

(This content is sourced from a syndicated feed and is published as received. The Tribune assumes no responsibility or liability for its accuracy, completeness, or content.)