#forestblizzard — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #forestblizzard, aggregated by home.social.
-
https://www.europesays.com/britain/10074/ UK NCSC says APT28 exploits routers for DNS hijacking, enabling large-scale traffic interception #AdversaryInTheMiddle #AiTM #APT28 #AuthenticationToken #CredentialHarvesting #CyberOperations #DHCP #DNSHijacking #espionage #FancyBear #ForestBlizzard #MilitaryIntelligence #NCSC #NetworkCompromise #RouterConfigurations #routers #SednitGang #Sofacy #Strontium #TrafficInterception #UK #UnitedKingdom #vulnerabilities
-
FrostArmada: All thriller, no (malware) filler
#ForestBlizzard
https://www.lumen.com/blog-and-news/en-us/frostarmada-forest-blizzard-dns-hijacking
-
📢 Russian-linked #ForestBlizzard hackers hijack home routers for global surveillance, as Microsoft warns that thousands of devices are compromised to intercept traffic and sensitive data.
Read: https://hackread.com/russian-forest-blizzard-hackers-hijack-home-routers/
-
https://www.europesays.com/ee/148861/ US neutralized GRU network that hacked into routers | World #apt28 #BfV #BreakingNews #BreakingNews #EE #Eesti #EestiKeel #Estonia #Estonian #FancyBear #FBI #FeaturedNews #FeaturedNews #ForestBlizzard #gchq #GRU #Headlines #LatestNews #LatestNews #mikrotik #ncsc #News #PopulaarseimadLood #ruuterid #TopStories #TopStories #TpLink #ÜldisedUudised #Uudised #VeneHäkkerid #ViimasedUudised
-
Warning from the UK 🇬🇧: Russian cybercriminals hijack routers to steal passwords | heise online https://www.heise.de/news/Warnung-aus-UK-Russische-Cyberkriminelle-kapern-Router-zum-Passwort-Klau-11247959.html #CyberCrime #Russland 🇷🇺 #Russia 🇷🇺 #APT28 #ForestBlizzard #FancyBear #STRONTIUM #Sednit #Sofacy
-
Russia Hacked Routers to Steal Microsoft Office Tokens
https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
#NationalCyberSecurityCentre #InternetofThings(IoT) #Ne'er-Do-WellNews #ALittleSunshine #MicrosoftOffice #LatestWarnings #TheComingStorm #BlackLotusLabs #ForestBlizzard #DannyAdamitis #RyanEnglish #FancyBear #MikroTik #TP-Link #APT28 #Lumen
-
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
#ForestBlizzard #Storm_2754
https://www.microsoft.com/en-us/security/blog/2026/04/07/soho-router-compromise-leads-to-dns-hijacking-and-adversary-in-the-middle-attacks/
-
From TV5Monde to Govt: France Blames Russia’s APT28 for Cyberattacks – Source:hackread.com https://ciso2ciso.com/from-tv5monde-to-govt-france-blames-russias-apt28-for-cyberattacks-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #ForestBlizzard #cybersecurity #CyberAttacks #CyberAttack #BlueDelta #FancyBear #Hackread #security #TV5Monde #France #Sednit #Sofacy #APT28
-
From TV5Monde to Govt: France Blames Russia’s APT28 for Cyberattacks https://hackread.com/tv5monde-govt-france-russia-apt28-cyberattacks/ #ForestBlizzard #Cybersecurity #CyberAttacks #CyberAttack #BlueDelta #FancyBear #Security #TV5Monde #France #Sednit #Sofacy #APT28
-
Nearest Neighbor Attack: Attack via the neighbor's Wi-Fi | Security https://www.heise.de/news/US-Firma-ueber-benachbarte-WLAN-Geraete-Dritter-angegriffen-10129358.html #CyberCrime #APT28 #FancyBear #ForestBlizzard #Sofacy #GruesomeLarch
-
Good day everyone!
The Microsoft Threat Intel team has recently dropped some new #ForestBlizzard TTPs and behaviors! They take a look at the malware the group used, named GooseEgg, and reveal how it set up a scheduled task for persistence calling on a batch file named servtask.bat. Find much more information in the article, but I am not going to spoil it! Enjoy and Happy Hunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #gethunting
-
Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool https://www.hackread.com/russia-apt28-windows-vulnerability-gooseegg-tool/ #ForestBlizzard #Vulnerability #CyberAttacks #FancyBear #Microsoft #Security #GooseEgg #Windows #Russia #APT28
-
This analysis of #APT28 aka #ForestBlizzard methodology is being reported all over as though it were special. And while it may be "unique" to the group, it's just...not that special.
Everything I see here should be detected by modern standard defenses. This attack chain doesn't even read like an APT to me; it reads like a cybercrime group.
What am I missing?
-
Microsoft reported that APT28 (Fancy Bear, Forest Blizzard) used a custom tool to elevate privileges and steal credentials in compromised networks. This GooseEgg tool leveraged CVE-2022-38028 (7.8 high, disclosed 11 October 2022 by Microsoft; Windows Print Spooler Elevation of Privilege Vulnerability) as a zero-day since at least June 2020 (possibly as early as April 2019) which was 2 years 4 months. APT28 is publicly attributed to Russian General Staff Main Intelligence Directorate (GRU). IOC provided. 🔗 https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
cc: @serghei @campuscodi @briankrebs @jwarminsky
#APT28 #cyberespionage #Russia #FancyBear #ForestBlizzard #CVE_2022_38028 #eitw #activeexploitation #GooseEgg
-
#Microsoft, #OpenAI say #US rivals use artificial intelligence in hacking
Microsoft says #Russia, #China, #Iran and #NorthKorea have all used #AI to improve their abilities
From their report they say they are spying on users:
In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as #ForestBlizzard, #EmeraldSleet, #CrimsonSandstorm, #CharcoalTyphoon, and #SalmonTyphoon—using #LLM to augment cyberoperations.
https://www.washingtonpost.com/technology/2024/02/14/us-adversaries-using-artificial-intelligence-boost-hacking-efforts/
-
#FBI Dismantles #Ubiquiti Router Botnet Controlled by #Russia
“Non-GRU cybercriminals installed the Moobot malware on Ubiquiti #EdgeOS routers that still used publicly known default administrator #passwords. #GRU hackers then used the #Moobot #malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber #espionage platform,” agency said
https://www.securityweek.com/fbi-dismantles-ubiquiti-router-botnet-controlled-by-russian-cyberspies/ #ForestBlizzard #Sofacy #FancyBear #APT28
Please patch and change #defaultpasswords
-
FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies https://www.securityweek.com/fbi-dismantles-ubiquiti-router-botnet-controlled-by-russian-cyberspies/ #Malware&Threats #ForestBlizzard #NationState #KVBotnet #APT28 #FBI