Key points: Denis Obrezko, 35, was arrested in Phuket on November 6 in a joint FBI–Thai operation and is being held in Bangkok pending a US extradition request. Authorities say he is suspected of belonging to Void Blizzard, a group Microsoft links to Kremlin‑aligned cyber‑espionage. Seized devices are undergoing forensic analysis, and Microsoft Threat Intelligence warns the group uses stolen credentials and password‑spraying to exfiltrate large volumes of emails and files from critical sectors.
Russian Man Allegedly Linked to 'Void Blizzard' Arrested in Phuket in Joint FBI–Thai Operation, Faces US Extradition
Key points: Denis Obrezko, 35, was arrested in Phuket on November 6 in a joint FBI–Thai operation and is being held in Bangkok pending a US extradition request. Authorities say he is suspected of belonging to Void Blizzard, a group Microsoft links to Kremlin‑aligned cyber‑espionage. Seized devices are undergoing forensic analysis, and Microsoft Threat Intelligence warns the group uses stolen credentials and password‑spraying to exfiltrate large volumes of emails and files from critical sectors.
03:28 PM, 11/15/2025Security
Russian Suspect Arrested in Phuket, Awaiting US Extradition
Thai authorities announced that 35-year-old Denis Obrezko was arrested on November 6 on the resort island of Phuket in a joint operation involving the FBI and Thailand’s Cyber Crime Investigation Bureau (CCIB). He is wanted by US authorities on alleged cybercrime charges and is being held at the Criminal Court in Bangkok pending an extradition request.
According to the CCIB, Obrezko is suspected of belonging to the cyber‑espionage group known as Void Blizzard, which Microsoft Threat Intelligence (MTI) has linked to hacking activity that aligns with Kremlin interests. The CCIB said the detainee “had previously breached security systems and attacked government agencies in both Europe and the United States.”
Local police located Obrezko in a hotel room on Phuket and seized several electronic devices — including a notebook computer, a mobile phone and a digital wallet — all of which have been taken for forensic examination.
What Microsoft Threat Intelligence Says
MTI has flagged Void Blizzard for repeatedly targeting organisations that Russia opposes. The group reportedly focuses on government, defence, transport, media, NGOs and healthcare institutions across the United States, Europe and Ukraine.
Researchers say Void Blizzard frequently obtains access by using stolen sign-in credentials that are likely purchased on online marketplaces and by employing basic techniques such as password spraying. Once inside, the group is alleged to exfiltrate large volumes of emails and files.
Despite relying on relatively unsophisticated initial-access methods, MTI notes that Void Blizzard has been effective at collecting information from compromised organisations, particularly government and law-enforcement bodies in NATO countries and states that provide military or humanitarian support to Ukraine. The group’s activity has reportedly affected Ukrainian sectors including education, transportation and defence.
Reactions and Next Steps
A Russian diplomat at the embassy in Thailand, Ilya Ilyin, confirmed to the TASS news agency that a Russian national was detained on Phuket “on suspicion of committing cybercrimes” and said the arrest was reportedly made at the official request of the United States. News organisations have contacted the US Department of Justice for comment.
Thai authorities said Obrezko will remain in custody while Thai courts consider the US extradition request and forensic analysis of the seized devices continues.