A Russian man wanted for extradition by the United States on suspicion of cybercrime has been arrested on the Thai holiday island of Phuket, local police said.
According to Thai police, Denis Obretzko is a member of the notorious group Void Blizzard, a cyber espionage group identified by Microsoft as carrying out hacking attacks in line with Kremlin interests.
The 35-year-old man was arrested in a joint operation between the FBI and Thai authorities on November 6, a week after he entered the country on a flight to Phuket, according to the Thai Cyber Crime Investigation Bureau (CCIB).
“This individual has previously breached security systems and attacked government agencies in both Europe and the United States,” the CCIB said in a statement Friday.
He will be held at a Bangkok criminal court until his extradition to the United States.
Local police tracked Obretzko to a hotel room where they discovered electronic devices, including a laptop, mobile phone and digital wallet, which were seized for forensic examination, police said.
Microsoft Threat Intelligence (MTI) previously warned that Void Blizzard was targeting organizations opposed by Russia, noting that it was focused on the government, defense, transportation, media, NGO, and healthcare sectors in the United States and Europe, including Ukraine.
“They often use stolen sign-in information, likely purchased from online marketplaces, to gain access to organizations,” the researchers said in a statement. “Once compromised, a large amount of email and files are stolen.”
Ilya Ilyin, a Russian diplomat at the Russian embassy in Thailand, confirmed that a Russian national was detained in Phuket last week “on suspicion of committing cybercrimes” and that the arrest was “allegedly at the official request of the United States,” according to TASS news agency.
CNN has reached out to the U.S. Department of Justice for comment.
According to MTI research, Void Blizzard is known to use rudimentary techniques for initial access such as “password spraying,” which systematically applies a common password to multiple usernames, and the use of stolen credentials.
“Despite the lack of sophistication in its initial access methods, Void Blizzard was effective in gaining access to and gathering information from compromised organizations in critical areas,” MTI added.
According to MTI, Void Blizzard regularly targets government and law enforcement agencies, particularly those providing military and humanitarian aid to NATO countries and Ukraine.
The group’s activities affect various sectors of Ukraine, including education, transportation, and defense.
