https://www.csoonline.com/article/4155632/forest-blizzard-leverages-router-compromises-to-launch-aitm-attacks-target-outlook-sessions.html
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions | CSO...
Apr 8, 2026 - By altering DNS settings on vulnerable devices, Forest Blizzard redirects users to malicious infrastructure to capture credentials and session data, says...
forest blizzard, attacks target, leverages, router, compromises
https://detection.fyi/sigmahq/sigma/emerging-threats/2024/ta/forest-blizzard/file_event_win_apt_forest_blizzard_constrained_js/
Forest Blizzard APT - JavaScript Constrained File Creation | Detection.FYI
Detects the creation of JavaScript files inside of the DriverStore directory. Forest Blizzard used this to exploit the CVE-2022-38028 vulnerability in Windows …
file creation detection, forest blizzard, apt, javascript, constrained
https://www.lumen.com/blog-and-news/en-us/frostarmada-forest-blizzard-dns-hijacking
FrostArmada Forest Blizzard DNS hijacking
A DNS setting change on a single router can quietly reroute an entire network’s authentication traffic. In FrostArmada, Lumen observed Forest Blizzard using...
forest blizzard, dns hijacking