🇷🇺

Void Blizzard

APT Group Information theft and espionage ETDA ✓

Also Known As 2 names

LAUNDRY BEAR UAC-0190

Target Countries 2

Countries highlighted in red

Ukraine United States

Sectors Targeted

Computer Systems Design Services 541512 NGOs Transportation Education Telecommunications IT Healthcare Media Government Defense Law enforcement

Details

Origin 🇷🇺 RU

Last Updated 07 Jun 2025

MITRE ATT&CK 22

T1005 - Data from Local System T1033 - System Owner/User Discovery T1056.001 - Keylogging T1057 - Process Discovery T1059.007 - JavaScript T1071.001 - Web Protocols T1074.001 - Local Data Staging T1078 - Valid Accounts T1082 - System Information Discovery T1083 - File and Directory Discovery T1102 - Web Service T1105 - Ingress Tool Transfer T1113 - Screen Capture T1132.001 - Standard Encoding T1204.001 - Malicious Link T1547.001 - Registry Run Keys / Startup Folder T1566 - Phishing T1568 - Dynamic Resolution T1583.001 - Domains T1584.001 - Domains T1589.002 - Email Addresses T1608.001 - Upload Malware

Related Zero-Days

No zero-day CVE linked to this actor

Known Names 2 entries

Void Blizzard Microsoft

Laundry Bear AIVD

Observed Target Countries 2

Based on ETDA data — countries highlighted in red

Ukraine NATO

Description

(Microsoft) Void Blizzard is a new threat actor Microsoft Threat Intelligence has observed conducting espionage operations primarily targeting organizations that are important to Russian government objectives. These include organizations in government, defense, transportation, media, NGOs, and healthcare, especially in Europe and North America. They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations. Once inside, they steal large amounts of emails and files. In April 2025, Microsoft Threat Intelligence observed Void Blizzard begin using more direct methods to steal passwords, such as sending fake emails designed to trick people into giving away their login information.

Reports & References 1

https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/

ETDA Profile

Void Blizzard

Origin

Russia

First Seen 2024

Motivation

Information theft and espionage

View on ETDA APT Groups ↗