Suspected Russian hacker charged in U.S. cyber espionage case

Federal prosecutors say Denis Obrezko helped support a Russia-aligned hacking operation that reached into American companies, NATO countries and Ukraine, underscoring how cyber-espionage groups keep operating even after investigators identify them. The 36-year-old made his initial appearance in federal court in Boston on June 10 after being arrested in Thailand in November 2025 and brought to the United States. He was ordered held without bond.

Obrezko was charged with conspiring to commit unauthorized access to a protected computer, and the case is being handled by the Justice Department’s National Security Division. Charging documents say he was linked through cryptocurrency transactions to a virtual private server and a domain name used in the attacks, a reminder that remote infrastructure and digital money trails remain central to modern espionage investigations.

Microsoft identified the group at the center of the case as Void Blizzard, also known as LAUNDRY BEAR, in a May 27, 2025 report. The company said the operation had been active since at least April 2024 and had targeted organizations important to Russian government objectives, including government, defense, transportation, media, nongovernmental organizations and health care. Microsoft also said the group disproportionately focused on NATO member states and Ukraine.

The FBI affidavit in the case said the campaign included mass email harvesting across a broad range of U.S. business sectors and that at least 11 American companies had been hacked, though investigators believe that was only a fraction of the total victims. Microsoft said Void Blizzard initially relied on stolen sign-in credentials likely bought on online marketplaces before shifting in April 2025 to more direct phishing methods, a change that made the operation more aggressive and harder for organizations to contain once the first account was compromised.

The case fits a familiar counterintelligence pattern: identify one operator, seize an arrest, and still face the same network of aliases, servers and stolen access on the other side. Microsoft thanked the Netherlands’ AIVD and MIVD, along with the FBI, for collaborating on the investigation. Separate reporting linked Void Blizzard to a September 23, 2024 breach of a Dutch police employee account through a pass-the-cookie attack, showing how the same campaign that hits governments can just as easily move through corporate and law-enforcement systems. Prosecutors are pressing a single case against Obrezko, but the wider infrastructure behind the campaign remains built to survive it.