GRIZZLY STEPPE – Russian Malicious Cyber Activity

Published on Author MCDC

This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.

Obama Strikes Back at Russia for Election Hacking

In an earlier statement from Hawaii, Mr. Obama took a subtle dig at Mr. Trump, who has consistently cast doubt on the intelligence showing that the Russian government was deeply involved in the hacking.

The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.

Figure 1: The tactics and techniques used by APT29 and APT 28 to conduct cyber intrusions against target systems

Download (PDF, Unknown)