How SonicWall UTM blocks GRIZZLY STEPPE malicious cyber activity
03/26/2020 5 10611
This article provides information on GRIZZLY STEPPE, a malicious cyber activity and how the SonicWall blocks it.
GRIZZLY STEPPE is a malicious cyber activity by RIS(Russian Intelligence Services) to exploit the networks associated with U.S. election. This activity includes spear phishing campaigns targeting Universities, government and political organizations. There are 876 IP addresses, 12 FQDNs and more than 20 File hashes that are responsible for this attack. 42% of those IP addresses are part of Tor's evolving network of exit nodes. SonicWall team has looked into this and has taken immense steps to block any relevant attack from these IP addresses, FQDNs and File hashes as efficiently as possible.
Actions taken by the SonicWall Team are as follows:
- Relevant FQDNs were added to CFS as categories 59 and 28 (Malware, Hacking/Proxy)
- Relevant IP Addresses were added to BOTNET LIST
- File Hashes were added to GAV signature database (for the cases where samples have been provided)
DHS and FBI have released a report on GRIZZLY STEPPE cyber activity and that can be accessed using the link DHS and FBI Report on GRIZZLY STEPPE Vulnerability