Russian national faces Void Blizzard hacking conspiracy charge
The practical lesson is identity hygiene again: stolen session tokens and local-looking proxy traffic bypassed the controls that mattered.
TL;DR
Federal prosecutors charged Russian citizen Denis Nikolayevich Obrezko with conspiracy to commit unauthorized computer access in a Void Blizzard campaign, according to a complaint described by CyberScoop. An FBI affidavit says he bought a virtual private server and domains used against businesses, educational institutions and other organizations; investigators verified intrusions at 11 U.S. companies, likely only a fraction of victims nationwide. For defense suppliers and critical infrastructure providers, which Microsoft says Void Blizzard has targeted, the warning is blunt: stolen session tokens and local-looking proxy traffic were enough.
The complaint is useful because it makes Void Blizzard less mystical. According to the FBI affidavit described by CyberScoop, prosecutors accused Denis Nikolayevich Obrezko of helping the campaign by buying a virtual private server and domains used in attacks, including Microsoft-spoofing domains tied to the same infrastructure. The charge is conspiracy to commit unauthorized computer access, and a criminal complaint is still an allegation. For defenders, the useful part is the tradecraft: investigators say the operation worked through stolen session tokens, VPN routing and a U.S.-based commercial proxy service that made traffic look local to the target.
The affidavit describes a basic identity failure rather than exotic exploitation. Investigators said the FBI verified intrusions at 11 U.S. companies after tips from a foreign partner and a U.S. private-sector firm, and the affidavit called that likely only a fraction of the total. Microsoft had already described Void Blizzard, also called Laundry Bear, as a Russian state-sponsored group targeting government agencies, defense suppliers and critical infrastructure providers across NATO states, Ukraine and elsewhere. The targets were high-value. The path in was ordinary.
Monday's work is therefore not to admire the indictment. It is to test whether session-token theft is visible in logs, whether conditional access actually challenges risky sessions, whether geographic restrictions still matter once a proxy selects an IP address near the target, and whether activity that maps the Microsoft Entra ID tenant would be noticed before the attacker has already read the mail.
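One way to start that test, as an added example that is not part of the original article and not code from Microsoft or any vendor: group sign-in events by the session identifier the token is bound to and flag any later, non-interactive use of that session from a different network or client than the one that authenticated, even when the country matches. The field names loosely follow the shape of Entra ID sign-in logs but are simplified assumptions, and the sample events, ASN numbers and proxy-ASN list are constructed placeholders.

```python
"""Detect likely session-token reuse in Entra-style sign-in events.

Added example (not from the article or any vendor). Groups sign-in events by
session identifier and flags a session that is later presented from a
different network (ASN) or client than the one that performed the interactive
sign-in. Geography is reported but deliberately not used as a criterion,
because a proxy exit in the victim's country makes country checks pass.
Field names are simplified assumptions; ASNs and the proxy list are
constructed placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SignIn:
    ts: str            # ISO-8601 timestamp (constructed)
    user: str
    session_id: str    # identifier bound to the issued session/refresh token
    ip: str
    country: str
    asn: int
    user_agent: str
    interactive: bool  # True when credentials/MFA were actually presented


# Placeholder set of autonomous systems associated with commercial "local exit"
# proxy services. Private-use ASNs are used here purely as stand-ins; in
# practice this list would come from threat intelligence.
PROXY_ASNS = {64512, 64513}


def geo_policy_allows(event, allowed_countries):
    """Model a plain geographic conditional-access rule: allow if the sign-in
    country is on the allow list. Shows why this check alone is not enough."""
    return event.country in allowed_countries


def find_token_reuse(events):
    """Return findings for sessions reused from a network or client that
    differs from the one that did the interactive sign-in.

    Each finding records the user, session, timestamp, whether the country
    still matched the origin, and the reasons it was flagged.
    """
    by_session = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_session[e.session_id].append(e)

    findings = []
    for sid, evs in by_session.items():
        # The interactive event is the trusted origin of the session.
        origin = next((e for e in evs if e.interactive), evs[0])
        for e in evs:
            if e is origin or e.interactive:
                continue  # only silent token use is suspicious here
            reasons = []
            if e.asn != origin.asn:
                reasons.append("asn_changed")
            if e.user_agent != origin.user_agent:
                reasons.append("user_agent_changed")
            if e.asn in PROXY_ASNS:
                reasons.append("known_proxy_asn")
            if reasons:
                findings.append({
                    "user": e.user,
                    "session_id": sid,
                    "ts": e.ts,
                    "same_country": e.country == origin.country,
                    "reasons": reasons,
                })
    return findings


# Constructed sample: alice signs in interactively from the corporate network,
# refreshes normally, then the same session is presented from a proxy exit in
# the same country. bob's session is used consistently and should not be flagged.
SAMPLE_EVENTS = [
    SignIn("2024-01-01T09:00:00Z", "alice", "s-1", "203.0.113.10", "US", 65001, "Chrome/Windows", True),
    SignIn("2024-01-01T09:30:00Z", "alice", "s-1", "203.0.113.10", "US", 65001, "Chrome/Windows", False),
    SignIn("2024-01-01T11:05:00Z", "alice", "s-1", "198.51.100.7", "US", 64512, "Chrome/Windows", False),
    SignIn("2024-01-01T08:00:00Z", "bob", "s-2", "192.0.2.44", "DE", 65002, "Edge/Windows", True),
    SignIn("2024-01-01T10:00:00Z", "bob", "s-2", "192.0.2.44", "DE", 65002, "Edge/Windows", False),
]


if __name__ == "__main__":
    proxied = SAMPLE_EVENTS[2]
    print("geo rule allows proxied event:", geo_policy_allows(proxied, {"US"}))
    for f in find_token_reuse(SAMPLE_EVENTS):
        print(f)
```

The point of the two functions side by side is the gap the article describes: the geographic rule accepts the proxied event because the exit IP is in the allowed country, while the session-level comparison flags it because the ASN changed to a known proxy range even though the user agent did not. Tuning `PROXY_ASNS` and deciding how to treat a user-agent change (legitimate clients do rotate) is where the noise trade-off lives.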
Published · Deep Fathom