Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:03:45 UTC
Home > List all groups > Void Blizzard
 APT group: Void Blizzard
Names
Void Blizzard (Microsoft)
Laundry Bear (AIVD)
Country Russia
Motivation Information theft and espionage
First seen 2024
Description
(Microsoft) Void Blizzard is a new threat actor Microsoft Threat Intelligence has observed
conducting espionage operations primarily targeting organizations that are important to
Russian government objectives. These include organizations in government, defense,
transportation, media, NGOs, and healthcare, especially in Europe and North America. They
often use stolen sign-in details that they likely buy from online marketplaces to gain access to
organizations. Once inside, they steal large amounts of emails and files. In April 2025,
Microsoft Threat Intelligence observed Void Blizzard begin using more direct methods to steal
passwords, such as sending fake emails designed to trick people into giving away their login
information.
Observed
Sectors: Defense, Education, Government, Healthcare, IT, Law enforcement, Media,
Telecommunications, Transportation, NGOs.
Countries: Ukraine, NATO.
Tools used
Information
Last change to this card: 27 June 2025
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=2a050d77-b95d-4f42-8fc3-b02f93f7bf8f
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=2a050d77-b95d-4f42-8fc3-b02f93f7bf8f
Page 1 of 1