Denis Obrezko, 35, was detained in Phuket and is accused of ties to Void Blizzard, a cyber espionage group Microsoft links to Russian-affiliated activity since April 2024. Thai police seized laptops, phones and digital wallets, and say they acted after an FBI tip. Obrezko is being held in Thailand pending possible extradition to the United States, while the U.S. Department of Justice declined to comment.
Russian Hacker Linked to 'Void Blizzard' Arrested at Phuket Resort, Devices Seized
Denis Obrezko, 35, was detained in Phuket and is accused of ties to Void Blizzard, a cyber espionage group Microsoft links to Russian-affiliated activity since April 2024. Thai police seized laptops, phones and digital wallets, and say they acted after an FBI tip. Obrezko is being held in Thailand pending possible extradition to the United States, while the U.S. Department of Justice declined to comment.
06:04 PM, 11/21/2025Security
Thai authorities have detained 35-year-old Denis Obrezko, a Russian national from Stavropol, at a hotel in Phuket on an international arrest warrant filed at the request of the United States.
Officials say Obrezko is suspected of involvement with the cyber espionage group known as Void Blizzard (also referred to as "Laundry Bear"), which security researchers assess is affiliated with Russian state interests and has been active since April 2024. The group is reported to have targeted organisations across defence, transportation and health sectors in Europe and North America.
"While Void Blizzard has a global reach, their cyber espionage activity disproportionately targets NATO member states and Ukraine, indicating that the actor is likely collecting intelligence to help support Russian strategic objectives,"
Security firm Microsoft Threat Intelligence (MTI) and other researchers attribute tactics such as credential theft and spear-phishing to Void Blizzard. MTI reported that the group compromised multiple accounts at a Ukrainian aviation organisation previously targeted in 2022 and, in April 2025, ran a spear-phishing operation that impersonated an organiser of the European Defence and Security Summit to deliver malicious PDF attachments to about 20 NGOs in Europe and the US.
Analysts note operational overlap between Void Blizzard and other Russia-linked clusters, including Forest Blizzard, Midnight Blizzard and Seashell Blizzard. Forest Blizzard has been linked to password-spray attacks against air traffic controllers in NATO countries and to earlier intrusions into Ukrainian aviation networks.
Thai police said they arrested Obrezko on Nov. 6 after he arrived in the country on Oct. 30 and that laptops, mobile phones and digital wallets were seized during the operation. Thailand's Cyber Crime Investigation Bureau said it acted after a tip from the FBI that a high-profile hacker was travelling to Thailand.
Obrezko is being held in Thailand pending potential extradition to the United States. The U.S. Department of Justice declined to comment on extradition proceedings or provide further details. Separate media reports of another alleged Russian hacker, Aleksey Lukashev, being arrested at the same resort were denied by Thai police, who said Lukashev remains a wanted fugitive.
This case highlights continuing international cooperation in responding to state-linked cyber espionage and the growing focus on protecting critical infrastructure from credential-theft and phishing-based intrusions.