Russian Cyber-Hacker Arrested in Thailand Faces U.S. Extradition

A Russian man, Denis Obrezko, has been arrested in Thailand and is facing extradition to the United States over allegations of cyber-crime. Local police in Phuket announced his arrest on November 6, 2023, following a coordinated operation involving the FBI and Thai authorities. Obrezko is believed to be affiliated with the cyber espionage group known as Void Blizzard, which has been linked to hacking activities that support Russian state interests.

According to the Thailand Cyber Crime Investigation Bureau (CCIB), Obrezko was apprehended in his hotel room shortly after he arrived in Phuket. The authorities discovered several electronic devices, including a notebook computer, a mobile phone, and a digital wallet, which have been seized for forensic examination. The CCIB stated that Obrezko had previously breached security systems and targeted government agencies in both Europe and the United States.

Details of the Arrest and Allegations

Obrezko’s arrest comes just a week after he entered Thailand. The CCIB indicated that the U.S. government had formally requested his extradition. Russian diplomat Ilya Ilyin confirmed the detention of a Russian citizen on suspicion of cyber crimes, noting that it was “allegedly at the official request of the United States,” as reported by the TASS news agency.

The group Void Blizzard, of which Obrezko is allegedly a member, has been flagged by Microsoft Threat Intelligence for its extensive cyber operations targeting entities that Russia opposes. This includes a focus on government, defense, transport, media, non-governmental organizations (NGOs), and healthcare sectors in the United States and Europe, particularly those connected to Ukraine.

Methods Used by Void Blizzard

Researchers from Microsoft have detailed that Void Blizzard employs basic yet effective techniques for initial access to systems. These methods include “password spraying,” where common passwords are applied across multiple accounts, and the use of stolen authentication details. Despite the simplicity of these tactics, the group has effectively compromised organizations in critical sectors.

The CCIB’s findings highlight that Void Blizzard regularly targets government and law enforcement entities, especially in NATO countries and those providing military or humanitarian aid to Ukraine. Their operations have significantly impacted various sectors in Ukraine, including education, transportation, and defense.

As the situation develops, the extradition process will be closely monitored. The implications of Obrezko’s potential return to the U.S. could have significant ramifications for international cyber-crime law enforcement and cooperation between nations in combating cyber threats. The U.S. Department of Justice has been contacted for further comment on the matter.