Forest Blizzard (formerly STRONTIUM) uses a variety of initial access techniques including exploiting vulnerable to web facing applications and, to obtain credentials, spear phishing and the deployment of an automated password spray/brute force tool operating through TOR. Forest Blizzard is equally adept at compromising on-premises environments and those hosted in the cloud and deploys custom tools and malware to support these operations.