Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft

This week on the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking continue to evolve.  In this episode you’ll learn:       How Forest Blizzard exploits home routers to intercept DNS traffic  Why unmanaged routers are a major blind spot in modern security  How tactics have evolved from brute force to token-based access  Some questions we ask:      What defines Forest Blizzard and how they operate?  How does this impact machine-to-machine or service account security?  What are the broader third-party or downstream risks?  Resources:   View Danny Adamitis on LinkedIn   View Sherrod DeGrippo on LinkedIn   Justice Department Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military Intelligence Unit  FrostArmada: All thriller, no (malware) filler    Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.