Microsoft Threat Intelligence Podcast
Microsoft Threat Intelligence Podcast·May 6, 2026·51m·Episode #68

Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft

Show notes

This week on the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs, to break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking, continue to evolve.


In this episode you’ll learn:      

  • How Forest Blizzard exploits home routers to intercept DNS traffic 

  • Why unmanaged routers are a major blind spot in modern security 

  • How tactics have evolved from brute force to token-based access 

Some questions we ask:     

  • What defines Forest Blizzard and how they operate? 

  • How does this impact machine-to-machine or service account security? 

  • What are the broader third-party or downstream risks? 


Resources:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and Hangar Studios and distributed as part of the N2K media network.