{
	"id": "a1dd7950-b3f2-4f2a-b276-d9ab9e2968a9",
	"created_at": "2026-04-06T00:22:31.593233Z",
	"updated_at": "2026-04-10T13:12:04.743731Z",
	"deleted_at": null,
	"sha1_hash": "914295d4defd2690c255468bc77b8025ed65b513",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47075,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 22:03:45 UTC\nAPT group: Void Blizzard\nNames\nVoid Blizzard (Microsoft)\nLaundry Bear (AIVD)\nCountry: Russia\nMotivation: Information theft and espionage\nFirst seen: 2024\nDescription\n(Microsoft) Void Blizzard is a new threat actor Microsoft Threat Intelligence has observed\nconducting espionage operations primarily targeting organizations that are important to\nRussian government objectives. These include organizations in government, defense,\ntransportation, media, NGOs, and healthcare, especially in Europe and North America. They\noften use stolen sign-in details that they likely buy from online marketplaces to gain access to\norganizations. Once inside, they steal large amounts of emails and files. In April 2025,\nMicrosoft Threat Intelligence observed Void Blizzard begin using more direct methods to steal\npasswords, such as sending fake emails designed to trick people into giving away their login\ninformation.\nObserved\nSectors: Defense, Education, Government, Healthcare, IT, Law enforcement, Media,\nTelecommunications, Transportation, NGOs.\nCountries: Ukraine, NATO.\nTools used\nInformation\nLast change to this card: 27 June 2025\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=2a050d77-b95d-4f42-8fc3-b02f93f7bf8f",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=2a050d77-b95d-4f42-8fc3-b02f93f7bf8f"
	],
	"report_names": [
		"showcard.cgi?u=2a050d77-b95d-4f42-8fc3-b02f93f7bf8f"
	],
	"threat_actors": [
		{
			"id": "1f05374d-f103-4882-8f74-0c3081de112e",
			"created_at": "2025-06-29T02:01:57.226883Z",
			"updated_at": "2026-04-10T02:00:04.968464Z",
			"deleted_at": null,
			"main_name": "Void Blizzard",
			"aliases": [
				"Laundry Bear"
			],
			"source_name": "ETDA:Void Blizzard",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "dc2202a8-998d-42f5-99c7-ccd4789b351e",
			"created_at": "2026-03-16T02:02:50.589524Z",
			"updated_at": "2026-04-10T02:00:03.819384Z",
			"deleted_at": null,
			"main_name": "IRON HALO",
			"aliases": [
				"Laundry Bear Aivd",
				"Uac 0190 Cert Ua",
				"Void Blizzard Microsoft"
			],
			"source_name": "Secureworks:IRON HALO",
			"tools": [
				"Evilginx2",
				"Pluggyape"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "dcb6e92a-83be-408c-bc06-80652883a996",
			"created_at": "2025-06-05T02:00:04.420438Z",
			"updated_at": "2026-04-10T02:00:03.88532Z",
			"deleted_at": null,
			"main_name": "Void Blizzard",
			"aliases": [
				"LAUNDRY BEAR",
				"UAC-0190"
			],
			"source_name": "MISPGALAXY:Void Blizzard",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434951,
	"ts_updated_at": 1775826724,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/914295d4defd2690c255468bc77b8025ed65b513.pdf",
		"text": "https://archive.orkl.eu/914295d4defd2690c255468bc77b8025ed65b513.txt",
		"img": "https://archive.orkl.eu/914295d4defd2690c255468bc77b8025ed65b513.jpg"
	}
}