
Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft
From Microsoft Threat Intelligence Podcast by Microsoft
May 6, 2026 · 52 min · Season 3 · Episode 68
About this episode
The episode discusses how the Russian state-linked threat actor Forest Blizzard exploits home and small office routers for credential theft and surveillance.
This week on the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking continue to evolve. In this episode you’ll learn: How Forest Blizzard exploits home routers to intercept DNS traffic Why unmanaged routers are a major blind spot in modern security How tactics have evolved from brute force to token-based access Some questions we ask: What defines Forest Blizzard and how they operate? How does this impact machine-to-machine or service account security? What are the broader third-party or downstream risks? Resources: View Danny Adamitis on LinkedIn View Sherrod DeGrippo on LinkedIn Justice Department Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian…
People in this episode
Host: Sherrod DeGrippo
Guest: Danny Adamitis
Topics covered
- cybersecurity
- DNS hijacking
- credential theft
- threat intelligence
- router vulnerabilities
- Russian threat actors
Keywords
- Forest Blizzard
- DNS traffic
- credential theft
- unmanaged routers
- cyber threats
- security vulnerabilities
- token theft
- brute force attacks
Mentioned in this episode
Organizations: Lumen Technologies, Black Lotus Labs, Microsoft, Justice Department, Microsoft Security Insider
More episodes of Microsoft Threat Intelligence Podcast
- Supply Chain Attacks: Open Source or Open Door? · June 3, 2026 · 39 min
- Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign · May 20, 2026 · 42 min
- The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem · April 22, 2026 · 40 min
- Ransomware: From Isolated Attacks to Global Criminal Ecosystem · April 8, 2026 · 48 min
- Winter SHIELD: Closing the Security Control Gap · March 25, 2026 · 37 min
- AI as Tradecraft: How Threat Actors Are Operationalizing AI · March 11, 2026 · 22 min
Explore listener stats, chart rankings, contacts and more on the Microsoft Threat Intelligence Podcast podcast page.