Forest Blizzard

Actor Type: Nation State
Attributed to Nation: Russia
Directly Linked Intrusion Sets: ITG05, APT28, Fancy Bear, STRONTIUM
Associated Threat Actor: GRU Unit 26165

Forest Blizzard is an intrusion set tracked by researchers at Microsoft and formerly known by them as STRONTIUM. The group reportedly shows overlap with APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Iron Twilight. Public reporting links the group to the Russian Main Directorate/Main Intelligence Directorate of the General Staff of the Armed Forces (GRU) Unit 26165.

Forest Blizzard Threat Reports

Report

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

This blog post by researchers at Microsoft Threat Intelligence outlines activity they observed by Forest Blizzard using a tool they named ...

References