The 2025 Microsoft Digital Defense Report is now available! Read the report

Nation State Actor

Forest Blizzard

Forest Blizzard (formerly STRONTIUM) uses a variety of initial access techniques including exploiting vulnerable to web facing applications and, to obtain credentials, spear phishing and the deployment of an automated password spray/brute force tool operating through TOR. Forest Blizzard is equally adept at compromising on-premises environments and those hosted in the cloud and deploys custom tools and malware to support these operations.

DETAILS

Also known as:

Country of origin:

Countries targeted:

Industries targeted:

Threat Actors Nation State

Download

Microsoft Threat Intelligence: Recent Forest Blizzard Articles

Nation State Actor

Forest Blizzard

DETAILS

Also known as:

Country of origin:

Countries targeted:

Industries targeted:

Microsoft Threat Intelligence: Recent Forest Blizzard Articles

Disrupting cyberattacks targeting Ukraine

STRONTIUM: Detecting new patterns in credential harvesting

Our commitment to our customers’ security

Follow Microsoft Security

AI-powered assistant

Can we help you?

AI-powered assistant is available 24x7.