#cyberisques : White House / FBI Russian Hacking

Communication : White House / FBI Russian Hacking 











This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service referenced in this advisory or otherwise. This document is distributed as


Subject to standard copyright rules,


information may be distributed without restriction. For more information on the Traffic Light Protocol, see https://www.us-cert.gov/tlp.

Reference Number: JAR-16-20296

December 29, 2016

GRIZZLY STEPPE – Russian Malicious Cyber Activity

Summary:

This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.

The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE. Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.

This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government.






The Advanced Persistent Threat 28 group, or APT 28 (formerly Fancy Bear), probably active since 2008, is presented as close to the GRU (Russian military intelligence). Several recent cyber-attacks are cited with attributions to this group (TV5 Monde in 2015, the OSCE headquarters in Vienna in December 2016, and the cyber-attacks on the "US elections").

Learn more: http://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf









