Forest Blizzard (formerly STRONTIUM) uses a variety of initial access techniques including exploiting vulnerable to web facing applications and, to obtain credentials, spear phishing and the deployment of an automated password spray/brute force tool operating through TOR. Forest Blizzard is equally adept at compromising on-premises environments and those hosted in the cloud and deploys custom tools and malware to support these operations.
Get insights straight from the experts on the Microsoft Threat Intelligence Podcast. Listen now.
Nation State Actor
Forest Blizzard
Also known as: Industries targeted:
APT28, Fancy Bear Government
Diplomatic and defense entities
Country of origin:
Think tanks
Russia
Non-government organizations
Countries targeted: Higher education
Australia IT software and services
Canada Defense contractors
India
Israel
Japan
Ukraine
United States
Follow Microsoft