This is the Trace Id: 3b5be10b7d9082097941540b040b648d

Unmasking cyberthreat actors: Join Microsoft Security at Black Hat 2025 in August. Register now.

Nation State Actor

Forest Blizzard

Download
Share
Blue hexagon pattern with O/O text.
Forest Blizzard (formerly STRONTIUM) uses a variety of initial access techniques including exploiting vulnerable to web facing applications and, to obtain credentials, spear phishing and the deployment of an automated password spray/brute force tool operating through TOR. Forest Blizzard is equally adept at compromising on-premises environments and those hosted in the cloud and deploys custom tools and malware to support these operations.  

DETAILS

Also known as:

  • APT28, Fancy Bear

Country of origin:

  • Russia

Countries targeted:

  • Australia
  • Canada
  • India
  • Israel
  • Japan
  • Ukraine
  • United States

Industries targeted:

  • Government
  • Diplomatic and defense entities
  • Think tanks
  • Non-government organizations
  • Higher education
  • IT software and services
  • Defense contractors

Microsoft Threat Intelligence: Recent Forest Blizzard Articles

Disrupting cyberattacks targeting Ukraine

Learn more

STRONTIUM: Detecting new patterns in credential harvesting

Learn more

Our commitment to our customers’ security

Learn more

Follow Microsoft Security