This is the Trace Id: c8c166870b8fca2abe3334d01cfbf8c5
Skip to main content Security Insider Cyber Pulse Threat landscape Emerging trends Sign up for CISO Digest Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Software companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

Nation State Actor

Forest Blizzard

Download
Share
A close-up of a planet
Forest Blizzard (formerly STRONTIUM) uses a variety of initial access techniques including exploiting vulnerable to web facing applications and, to obtain credentials, spear phishing and the deployment of an automated password spray/brute force tool operating through TOR. Forest Blizzard is equally adept at compromising on-premises environments and those hosted in the cloud and deploys custom tools and malware to support these operations.  

Also known as:                                                      Industries targeted:

 

APT28, Fancy Bear                                                  Government                                         

                                                                                 Diplomatic and defense entities

Country of origin:

                                                                                 Think tanks

Russia

                                                                                 Non-government organizations

 

Countries targeted:                                              Higher education

 

Australia                                                                  IT software and services                 

 

Canada                                                                    Defense contractors

 

India

 

Israel

 

Japan

 

Ukraine

 

United States

Microsoft Threat Intelligence: Recent Forest Blizzard Articles

Disrupting cyberattacks targeting Ukraine

Learn more

STRONTIUM: Detecting new patterns in credential harvesting

Learn more

Our commitment to our customers’ security

Learn more
Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organisations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store Support Returns Order tracking Recycling Microsoft Store Promise Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education Office Education Educator training and development Deals for students and parents Azure for students
Microsoft AI Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft 365 Copilot Microsoft Teams Small Business Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Microsoft Power Platform Software companies Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Sustainability
English (United Kingdom) Consumer Health Privacy Contact Microsoft Privacy Manage cookies Terms of use Trademarks About our ads EU Compliance DoCs Regulatory reporting