Russian alleged cyber-hacker faces extradition to US after arrest in Thailand
By Laura Sharman, Helen Regan, Sean Lyngaas, CNN
(CNN) — A Russian man wanted for extradition by the United States over cyber-crime allegations has been arrested on the Thai holiday island of Phuket, local police have announced.
Thai police said Denis Obrezko is allegedly part of the notorious group Void Blizzard, a cyber espionage gang recognized by Microsoft for hacking attacks that align with Kremlin interests.
The 35-year-old was arrested on November 6 in a joint operation between the FBI and Thai authorities, one week after entering the country on a flight to Phuket, according to Thailand’s Cyber Crime Investigation Bureau (CCIB).
“This individual had previously breached security systems and attacked government agencies in both Europe and the United States,” the CCIB said Friday.
He will be held at the Criminal Court in Bangkok pending extradition to the US, it said.
Local police had tracked Obrezko down at his hotel room, where they found electronic devices including a notebook computer, mobile phone and digital wallet that were seized for forensic examination, officers said.
Microsoft Threat Intelligence (MTI) previously flagged Void Blizzard for targeting organizations that Russia opposes, noting its focus on government, defense, transport, media, NGOs and healthcare sectors in the United States and Europe, including Ukraine.
“They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations,” researchers said in a statement. “Once inside, they steal large amounts of emails and files.”
Russian diplomat Ilya Ilyin, of the Russian embassy in Thailand, confirmed that a Russian citizen was detained on Phuket last week “on suspicion of committing cybercrimes,” and that the arrest was “allegedly at the official request of the United States,” according to the TASS news agency.
CNN has contacted the US Department of Justice for comment.
Tools and tactics
Void Blizzard is known for using basic techniques for initial access, including “password spraying,” in which common passwords are systematically applied across multiple usernames, and the use of stolen authentication details, MTI found.
“Despite the lack of sophistication in their initial access methods, Void Blizzard has been effective in gaining access to and collecting information from compromised organizations in critical sectors,” MTI added.
Void Blizzard regularly targets government and law enforcement entities, especially in NATO countries and those offering military or humanitarian aid to Ukraine, MTI said.
The group’s activities have affected various sectors in Ukraine including education, transportation and defense.
™ & © 2025 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.