
Nation State Actor

Forest Blizzard

Forest Blizzard (formerly STRONTIUM) uses a variety of initial access techniques, including exploiting vulnerable web-facing applications and, to obtain credentials, spear phishing and the deployment of an automated password spray/brute force tool operating through TOR. Forest Blizzard is equally adept at compromising on-premises environments and those hosted in the cloud, and deploys custom tools and malware to support these operations.

Also known as: APT28, Fancy Bear

Country of origin: Russia

Countries targeted: Australia, Canada, India, Israel, Japan, Ukraine, United States

Industries targeted: Government, Diplomatic and defense entities, Think tanks, Non-government organizations, Higher education, IT software and services, Defense contractors

Microsoft Threat Intelligence: Recent Forest Blizzard Articles

Disrupting cyberattacks targeting Ukraine

STRONTIUM: Detecting new patterns in credential harvesting

Our commitment to our customers’ security