Russia’s Forest Blizzard Is Abusing  Home + Small Office Routers for Cred Theft

Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft

From Microsoft Threat Intelligence Podcast by Microsoft

May 6, 2026 · 52 min · Season 3 · Episode 68

About this episode

The episode discusses how the Russian state-linked threat actor Forest Blizzard exploits home and small office routers for credential theft and surveillance.

This week on the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking continue to evolve. In this episode you’ll learn: How Forest Blizzard exploits home routers to intercept DNS traffic Why unmanaged routers are a major blind spot in modern security How tactics have evolved from brute force to token-based access Some questions we ask: What defines Forest Blizzard and how they operate? How does this impact machine-to-machine or service account security? What are the broader third-party or downstream risks? Resources: View Danny Adamitis on LinkedIn View Sherrod DeGrippo on LinkedIn Justice Department Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian…

People in this episode

Host: Sherrod DeGrippo

Guest: Danny Adamitis

Topics covered

  • cybersecurity
  • DNS hijacking
  • credential theft
  • threat intelligence
  • router vulnerabilities
  • Russian threat actors

Keywords

  • Forest Blizzard
  • DNS traffic
  • credential theft
  • unmanaged routers
  • cyber threats
  • security vulnerabilities
  • token theft
  • brute force attacks

Mentioned in this episode

Organizations: Lumen Technologies, Black Lotus Labs, Microsoft, Justice Department, Microsoft Security Insider

More episodes of Microsoft Threat Intelligence Podcast

Explore listener stats, chart rankings, contacts and more on the Microsoft Threat Intelligence Podcast podcast page.