RayS, posted January 4, 2017

Does anyone have information regarding GRIZZLY STEPPE exploits and the use of JAR-16-20296A with ESET products? The JAR package offers technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services (RIS).
ESET Moderators
Aryeh Goretsky, posted January 4, 2017

Hello,

ESET's name for this threat actor is Sednit, and ESET has released extensive reports on their activities over the past three years or so. Here are some of the articles:

Sednit: A very digested read [2016-11-11]
En Route with Sednit: Full Whitepaper [2016-10-27]
En route with Sednit - Part 2: Observing the Comings and Goings [2016-10-25]
Lifting the lid on Sednit: A closer look at the software it uses [2016-10-25]
New ESET research paper puts Sednit under the microscope [2016-10-20]
Sednit APT Group Meets Hacking Team [2015-07-10]
Sednit Espionage Group Attacking Air-Gapped Networks [2014-11-11]
Sednit espionage group now using custom exploit kit [2014-10-08]
Back in BlackEnergy*: 2014 Targeted Attacks in Ukraine and Poland [2014-09-22]
Miniduke still duking it out [2014-05-20]

And here is a very partial listing from ESET's threat encyclopedia entries:

Win32/SandaEva
Win32/Sednit
Win32/USBStealer
Win32/Exploit.CVE-2014-1761

And here are some direct links to white papers mentioned in the above:

En Route with Sednit - Part 1: Approaching the target [PDF]
En Route with Sednit - Part 2: Observing the Comings and Goings [PDF]
En Route with Sednit - Part 3: A Mysterious Downloader [PDF]
En Route with Sednit: Full Whitepaper [PDF] (combines the three preceding reports into one ~140 page report)

And here are some related links with additional IoCs and related research from ESET's GitHub account:

ESET | Malware-IoC | Sednit Indicators of Compromise
ESET | Malware-Research | Miniduke

It would appear that some of the information in the GRIZZLY STEPPE report may have been borrowed from ESET's research, although it is hard to say since no security companies were mentioned in it. As a reminder, ESET identifies this threat actor as the Sednit group. ESET makes no claim as to their affiliation (or lack thereof) with any government, as attribution is a matter for governments and outside the scope of ESET's mission.

Regards,

Aryeh Goretsky