Microsoft reports on the activity of the Russian-affiliated threat actor Void Blizzard, which has been targeting organizations worldwide for espionage since April 2024. The group mainly focuses on NATO members and Ukrainian institutions, using techniques like credential theft and spear-phishing to infiltrate cloud services. #VoidBlizzard #EspionageReporting
Keypoints
- Void Blizzard is a Russian-linked threat actor targeting government, defense, and transport sectors globally.
- The group primarily gains access through stolen credentials and password spraying techniques.
- Recent activities include spear-phishing campaigns impersonating Microsoft authentication portals.
- They have exploited Microsoft cloud services to steal emails, files, and access Teams conversations.
- The threat actor often overlaps with other Russian groups like Forest Blizzard and Midnight Blizzard, indicating shared objectives.
Read More: https://thehackernews.com/2025/05/russian-hackers-breach-20-ngos-using.html