GRIZZLY STEPPE – Russian Malicious Cyber Activity

russian bear photo
Photo by foundin_a_attic

The information contained on this page is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). The joint DHS and FBI products provide technical details on the tactics, techniques, and procedures used by Russian government cyber actors. The intent of sharing this information is to enable network defenders to identify and reduce exposure to Russian malicious cyber activity, which the U.S. Government refers to as GRIZZLY STEPPE.

For more information, see:

  • April 16, 2018: Technical Alert (TA18-106A) – Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
  • March 15, 2018: Technical Alert (TA18-074A) – Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
  • February 15, 2018: Technical Alert (TA17-181A) – Petya Ransomware originally published July 1, 2017
  • February 10, 2017: Analysis Report (AR-17-20045) – Enhanced Analysis of GRIZZLY STEPPE Activity (PDF)
  • December 29, 2016: Joint Analysis Report (JAR-16-20296A) GRIZZLY STEPPE – Russian Malicious Cyber Activity (PDF)
    • CSV file for JAR-16-20296A
    • STIX file for JAR-16-20296A