Names | Void Blizzard (Microsoft), Laundry Bear (AIVD) | |
Country | ![]() | |
Motivation | Information theft and espionage | |
First seen | 2024 | |
Description | (Microsoft) Void Blizzard is a new threat actor Microsoft Threat Intelligence has observed conducting espionage operations primarily targeting organizations that are important to Russian government objectives. These include organizations in government, defense, transportation, media, NGOs, and healthcare, especially in Europe and North America. They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations. Once inside, they steal large amounts of emails and files. In April 2025, Microsoft Threat Intelligence observed Void Blizzard begin using more direct methods to steal passwords, such as sending fake emails designed to trick people into giving away their login information. | |
Observed | Sectors: Defense, Education, Government, Healthcare, IT, Law enforcement, Media, Telecommunications, Transportation, NGOs. Countries: Ukraine, NATO. | |
Tools used | ||
Information | <https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/> |
Last change to this card: 27 June 2025