Russian Cyber-Hacker Arrested in Thailand, Faces US Extradition

A Russian national, identified as Denis Obrezko, has been arrested on the Thai island of Phuket as part of a United States extradition request related to cyber-crime allegations. The arrest occurred on November 6, 2023, following a joint operation conducted by the FBI and Thai authorities, one week after Obrezko entered the country.

The Thai Cyber Crime Investigation Bureau (CCIB) reported that Obrezko is suspected of being affiliated with the notorious hacking group known as Void Blizzard. This group has been recognized by Microsoft for conducting cyber espionage operations that align with Russian government interests. The CCIB stated that Obrezko had reportedly breached security systems and attacked government agencies in both Europe and the United States.

Following his arrest, Obrezko was taken into custody at the Criminal Court in Bangkok, where he will remain pending his extradition to the United States. Local police located him at a hotel, where they seized several electronic devices, including a notebook computer, mobile phone, and digital wallet, for forensic analysis.

Details of the Allegations and Group Activities

According to Microsoft Threat Intelligence (MTI), Void Blizzard has been involved in targeting organizations opposed by Russia, focusing on sectors such as government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare in both the United States and Europe, particularly Ukraine. MTI noted, “They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations.” Once inside, they reportedly steal substantial amounts of emails and files.

Russian diplomat Ilya Ilyin, from the Russian embassy in Thailand, confirmed the detention of a Russian citizen on suspicion of cyber-crimes. He stated that the arrest was made “allegedly at the official request of the United States,” as reported by the TASS news agency.

MTI further explained that Void Blizzard employs basic initial access techniques, such as “password spraying,” where common passwords are applied across multiple usernames, and utilizing stolen authentication details. Despite the simplicity of these methods, the group has proven effective in accessing and extracting information from compromised organizations in critical sectors.

Void Blizzard frequently targets government and law enforcement entities, especially in NATO countries and those providing military or humanitarian assistance to Ukraine. Their activities have significantly impacted various sectors in Ukraine, including education, transportation, and defense.

The United States Department of Justice has been contacted for comments regarding the extradition proceedings. As the case unfolds, Obrezko’s arrest highlights ongoing international efforts to combat cyber-crime and the implications of state-sponsored hacking.