Microsoft collaborated with the Netherlands Basic Intelligence and Safety Service (AIVD) and the Netherlands Defence Intelligence and Safety Service (MIVD), which issued a separate advisory on the group. The Dutch providers investigated Void Blizzard after it efficiently compromised the Dutch police in September 2024.
The group’s targets overlap with different identified Russian state-run cyberespionage teams, together with APT28 aka Fancy Bear, APT29 aka Cozy Bear, and Turla aka Venomous Bear, which Microsoft calls Forest Blizzard, Midnight Blizzard, and Secret Blizzard, respectively. In comparison with these teams, nonetheless, Void Blizzard seems to be utilizing much less refined methods to realize preliminary entry.
Password spraying and infostealer information dumps
Up till final month, Void Blizzard relied totally on password spraying, a method that entails brute-force password guessing assaults utilizing lists of frequent or leaked passwords from different data breaches. The group has additionally been shopping for passwords, in addition to session cookies, from underground cybercriminal markets, notably so-called logs obtained from infostealer malware — a rising menace of late.
