A suspected Russian hacker is in U.S. custody after being extradited from Thailand and has been charged with facilitating a campaign of cyberattacks carried out by a Russia-aligned group that victimized numerous U.S. companies.

Denis Obrezko, who was arrested in Thailand in November, made his initial appearance in federal court in Boston on Tuesday in connection with a case that U.S. authorities alleged concerned a large-scale cyber espionage campaign being carried out by a group known as Void Blizzard.

The 36-year-old was charged with conspiring to commit unauthorized access to a protected computer and is now being held without bond in a case that is being prosecuted by the U.S. Department of Justice’s National Security Division.

The Justice Department had no comment on Wednesday, and a court-appointed lawyer for Obrezko did not respond to a request for comment.

Thailand’s Ministry of Foreign Affairs said in a statement the Thai government’s decision to extradite Obrezko was in accordance with Thailand’s domestic law and its obligations under the related treaties on extradition, “while fully respecting the due process of law of the defendant.”

Void Blizzard had been flagged by Microsoft in a May 2025 report as what it said was a new group that it had observed conducting cyber espionage activity against organizations important to Russian government objectives.

Active since at least April 2024, Void Blizzard’s activity has primarily targeted organizations in NATO member states and Ukraine across multiple sectors, including government, defense, transportation, media, healthcare and non-governmental organizations, Microsoft said.

An FBI agent in an affidavit filed in connection with the case against Obrezko said Void Blizzard’s activity has focused primarily on mass email harvesting across a wide range of U.S. business sectors and industries.

The FBI has identified at least 11 U.S. companies that have been hacked, a number that is believed to be just a fraction of Void Blizzard’s victims, the court filing said.

According to charging documents, the FBI linked Obrezko to cryptocurrency transactions that were carried out to buy a virtual private server and domain name that were used to conduct attacks targeting companies in the United States and elsewhere.

—

(Reporting by Nate Raymond in Boston and Poppy McPherson in Bangkok; Editing by David Gregorio, Alexandra Hudson)