Summary: Microsoft Threat Intelligence and the Dutch intelligence and security services (AIVD and MIVD) have observed a new Russia-affiliated threat actor conducting espionage operations targeting organizations that are important to Russian government objectives, primarily in government and other critical infrastructure sectors. The new group is tracked as Laundry Bear by Dutch intelligence and Void Blizzard by Microsoft.
Analyst Note: WaterISAC tracks nation-state actor activity, especially among threat actors driven by geopolitical conflict, such as the war in Ukraine. Microsoft assesses that Void Blizzard’s cyberespionage activity disproportionately targets NATO member states and Ukraine, indicating that the actor is likely collecting intelligence to help support Russian strategic objectives. The threat actor’s prolific activity against networks in critical sectors poses a heightened risk to NATO member states and allies of Ukraine in general. Given Russian-affiliated actors’ propensity to target critical infrastructure and the water sector in recent years, WaterISAC is sharing this report for general awareness.
Original Source: https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/
Additional Reading:
- Risky Bulletin: Dutch intelligence agencies discover a new Russian APT
- Incident Awareness – Suspected Sandworm-Affiliated “Hacking” Group Appears to Annoy Another Utility
- Incident Awareness – What APT Threat Group SANDWORM Might have to do with Recent Incidents at Water Utilities and How you can Protect your Utility
Related WaterISAC PIRs: 6, 6.1, 7, 7.1