Suspected Russian hacker charged in Boston over Void Blizzard campaign

Federal prosecutors in Boston say a suspected Russian hacker helped grease the machinery behind Void Blizzard, a cyber-espionage group that used stolen credentials, rented servers and a domain name to break into targets across the United States and Europe. Denis Obrezko, 36, made his initial appearance in federal court on Tuesday and was held without bond on a charge of conspiring to commit unauthorized access to a protected computer.

The case is less about one intruder than about the supply chain that keeps modern cyber operations running. Investigators say Obrezko linked cyber campaign infrastructure to cryptocurrency transactions used to buy a virtual private server and a domain name, the kind of cheap, disposable tools that let operators hide abroad while reaching deep into U.S. networks. The FBI affidavit said Void Blizzard focused on mass email harvesting and that at least 11 U.S. companies were hacked, though officials believe that is only a slice of the activity.

Microsoft said Void Blizzard has been active since at least April 2024 and has targeted organizations in government, defense, transportation, media, healthcare and nongovernmental groups, with a particular focus on NATO member states and Ukraine. In a May 2025 report, Microsoft said the group was a newly observed threat actor pursuing cyber espionage aligned with Russian government objectives. By April 2025, Microsoft said, the group had shifted toward more direct phishing to steal passwords, while still relying on stolen sign-in credentials, likely purchased from online marketplaces.

The investigation also shows how much this fight depends on cross-border cooperation. Microsoft said it worked with the FBI and Dutch intelligence services, the Netherlands General Intelligence and Security Service and the Netherlands Defence Intelligence and Security Service, on the Void Blizzard case. In Thailand, police detained what they called a “world-famous hacker” in Phuket on November 6, 2025, in a joint operation involving Thai police and the FBI, and seized laptops, mobile phones and digital wallets. That arrest, followed by extradition pressure from the United States, brought Obrezko into U.S. custody and into the District of Massachusetts, one of the Justice Department’s busiest federal prosecutor’s offices for cybercrime and national-security cases.

For Washington, the case is another test of whether arrests can disrupt the services that make state-aligned intrusions possible: the infrastructure brokers, credential suppliers and digital middlemen who can be replaced even when one suspect is captured.