This week on the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking continue to evolve. 

In this episode you’ll learn:      

How Forest Blizzard exploits home routers to intercept DNS traffic 

Why unmanaged routers are a major blind spot in modern security 

How tactics have evolved from brute force to token-based access 

Some questions we ask:     

What defines Forest Blizzard and how they operate? 

How does this impact machine-to-machine or service account security? 

What are the broader third-party or downstream risks? 

Resources:  

View Danny Adamitis on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Justice Department Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military Intelligence Unit 

FrostArmada: All thriller, no (malware) filler 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.