You may have read in the mainstream media about a U.S. political party having its e-mail
servers hacked, with copies of the e-mails then published on a web-site.
If you'd like to know more, a 13-page Joint Analysis Report (JAR)
was released on 29 December 2016 by the National Cybersecurity and Communications
Integration Center (NCCIC) of the Department of Homeland Security (DHS) and the Federal
Bureau of Investigation (FBI).
In reading this report, please recognise that "The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information contained
The report commences...
"GRIZZLY STEPPE – Russian Malicious Cyber Activity
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department
of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document
provides technical details regarding the tools and infrastructure used by the Russian
civilian and military intelligence Services (RIS) to compromise and exploit networks and
endpoints associated with the U.S. election, as well as a range of U.S. Government,
political, and private sector entities. The U.S. Government is referring to this malicious
cyber activity by RIS as GRIZZLY STEPPE."
While the report contains many abbreviations, please note that "GRIZZLY STEPPE" is
always written in capitals; it is never written as "Grizzly Steppe" nor abbreviated to "GS".
On Page 2...
"Description. The U.S. Government confirms that two different RIS actors participated
in the intrusion into a U.S. political party."
The report does not name the "U.S. political party". For that detail you'll need
to use a search engine to search the Internet.
The Description continues...
"The first actor group, known as Advanced Persistent Threat (APT) 29, entered into
the party’s systems in summer 2015, while the second, known as APT28, entered in spring
Page 4 lists 48 "Alternate Names" for the Russian Military and Civilian
Intelligence Services (RIS). Not all of them follow the Advanced Persistent Threat
(APT) numbering pattern (APT28, APT29, and so on). For example, one of them is called "Powershell
Page 8 has the "Detailed Mitigation Strategies", which include a section on "Protect
Against SQL Injection and Other Attacks on Web Services" stating...
"Take steps to harden both Web applications and the servers hosting them to reduce
the risk of network intrusion via this vector."
In the report the word "vector" is a hyperlink, and the link goes to this webpage...
"Improving Web Application Security: Threats and Countermeasures
J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha
Published: June 2003
Last Revised: January 2006
Internet Information Services (IIS) 5.0
Microsoft Windows® 2000 operating system"
With a last revision date of January 2006, it's interesting to be offered advice on
how to take those steps on the Microsoft Windows® 2000 operating system, for which mainstream
support ended on June 30, 2005 and extended support ended on July 13, 2010.
UNIX does get one mention, in the "Credentials" section on page 10...
"Properly secure password files by making hashed passwords more difficult to acquire.
Password hashes can be cracked within seconds using freely available tools. Consider
restricting access to sensitive password hashes by using a shadow password file or
equivalent on UNIX systems."
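The shadow password advice quoted above can be checked rather than just read. The following script is an added example, not code from the JAR or from this page: it takes a passwd(5)-format file, reports every account whose password field still holds a hash (or is empty) instead of the "x" marker that says the hash lives in the shadow file, and verifies that the shadow file grants no permissions to "other". The sample passwd lines and temporary files are constructed here so the script runs offline; the lock markers it recognises ("*", "!", "!!") and the use of ls(1) rather than stat(1) for the mode check are the example's own choices.

```shell
#!/bin/sh
# Added example, not part of the JAR or of this page: two checks for the
# "shadow password file" advice. The sample passwd content and the temporary
# files are constructed here; nothing on the live system is read.

# unshadowed_accounts FILE
# Reads a passwd(5)-format FILE and prints "user:reason" for every entry
# whose second field is not a shadow marker. Hashes belong in /etc/shadow
# (readable by root only); a hash left in the world-readable passwd file
# can be copied by any local user and cracked offline.
unshadowed_accounts() {
    awk -F: '
        NF >= 7 {
            pw = $2
            if (pw == "")
                print $1 ":empty-password"       # login with no password at all
            else if (pw == "x" || pw == "*" || pw == "!" || pw == "!!")
                next                             # shadowed or locked: fine
            else
                print $1 ":hash-in-passwd"       # readable and crackable by any local user
        }' "$1"
}

# shadow_mode_ok FILE
# Succeeds only if FILE grants no permissions to "other". Debian-style
# root:shadow 0640 and Red Hat-style root:root 0000 both pass; 0644 fails.
# ls(1) is parsed instead of stat(1) because stat flags differ between
# GNU and BSD userlands; characters 8-10 of the mode string are "other".
shadow_mode_ok() {
    other=$(ls -ld "$1" | cut -c8-10)
    [ "$other" = "---" ]
}

# Constructed sample passwd file. Only "legacy" still carries a hash in the
# second field and "guest" has no password; the rest are shadowed ("x")
# or locked ("*", "!").
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$1$abcdefgh$ijklmnopqrstuvwxyz01234:1001:1001:Legacy:/home/legacy:/bin/sh
bob:!:1002:1002:Bob:/home/bob:/bin/bash
guest::1003:1003:Guest:/home/guest:/bin/sh'

# Demonstration on the constructed data. To audit a real host, run as root
# with /etc/passwd and /etc/shadow in place of the temporary files.
demo_passwd=$(mktemp)
demo_shadow=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$demo_passwd"
chmod 640 "$demo_shadow"

echo "Accounts with credentials exposed in the passwd file:"
unshadowed_accounts "$demo_passwd"
if shadow_mode_ok "$demo_shadow"; then
    echo "shadow file mode OK (no access for other)"
else
    echo "shadow file is readable by other: hashes are exposed"
fi
rm -f "$demo_passwd" "$demo_shadow"
```

On the sample data the first check reports "legacy" (a hash in the passwd file) and "guest" (an empty password field), and the 0640 temporary file passes the mode check. On a real system, a non-empty report from the first function or a failure of the second means the "seconds to crack" scenario in the quoted paragraph applies to every local user, not just root.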
While the report uses IT-related abbreviations such as HTTP, HTTPS, FTP, SQL, etc., here is
a list to help with some of the other abbreviations used in the report...
JAR - Joint Analysis Report
NCCIC - National Cybersecurity and Communications Integration Center
DHS - Department of Homeland Security
FBI - Federal Bureau of Investigation
RIS - Russian civilian and military intelligence Services
APT - Advanced Persistent Threat
RATs - Remote Access Tools
IOCs - Indicators of Compromise
US-CERT - United States Computer Emergency Readiness Team
EMET - Microsoft’s Enhanced Mitigation Experience Toolkit
For additional reading on this report, use a search engine or go