Jump to content

GRIZZLY STEPPE attacks

RayS

By RayS
in ESET Endpoint Products

 Share

Recommended Posts

RayS

RayS 0

Posted
Posted

Does anyone have information regarding GRIZZLY STEPPE exploits and the use of JAR-16-20296A with ESET products?

The JAR package offers technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services (RIS).

Link to comment
Share on other sites
  • ESET Moderators
Aryeh Goretsky

Aryeh Goretsky 378

Posted
  • ESET Moderators
Posted

Hello,

ESET's name for this threat actor is Sednit, and has released extensive reports on their activities over the past three years or so.

Here are some of the articles:

And here is a very partial listing from ESET's threat encyclopedia entries:

And here are some direct links to white papers mentioned in the above:

And here are some related links with additional IoCs and related research from ESET's GitHub account:

It would appear that some of the information in the GRIZZLY STEPPE report may have been borrowed from ESET's research, although it is hard to say since no security companies were mentioned in it.

As a reminder, ESET identifies this threat actor as the Sednit group.  ESET makes no claim as to their affiliation (or lack thereof) with any government, as attribution is a matter for governments and outside the scope of ESET's mission.

Regards,

Aryeh Goretsky

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...