Jump to content



Recommended Posts

Does anyone have information regarding GRIZZLY STEPPE exploits and the use of JAR-16-20296A with ESET products?

The JAR package offers technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services (RIS).

Link to comment
Share on other sites

  • ESET Moderators


ESET's name for this threat actor is Sednit, and has released extensive reports on their activities over the past three years or so.

Here are some of the articles:

And here is a very partial listing from ESET's threat encyclopedia entries:

And here are some direct links to white papers mentioned in the above:

And here are some related links with additional IoCs and related research from ESET's GitHub account:

It would appear that some of the information in the GRIZZLY STEPPE report may have been borrowed from ESET's research, although it is hard to say since no security companies were mentioned in it.

As a reminder, ESET identifies this threat actor as the Sednit group.  ESET makes no claim as to their affiliation (or lack thereof) with any government, as attribution is a matter for governments and outside the scope of ESET's mission.


Aryeh Goretsky


Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...