Grizzly Steppe: 5 Fast Facts You Need to Know

A federal government report pinned election-related hacks on Russia (Getty)

Russia’s cyberattacks dubbed “Grizzly Steppe” not only infiltrated a political party but also threatened the security of the country’s electrical grid, according to US officials.

Just days after US intelligence agencies revealed the extent of Russia’s cyberattacks in a joint analysis report, a Vermont utility company reported it had found code from “Grizzly Steppe” in its system. Although the infected laptop wasn’t attached to the grid, the hacking attempt underscores vulnerabilities in national infrastructure.

With a Kremlin-friendly president about to take office and retaliatory measures in place for Russia’s interference, things are coming to a head in 2017. Here’s what you need to know about “Grizzly Steppe”.


1. A Vermont Utility Company Reported It Had Found “Grizzly Steppe” Code in Its System

Burlington Electric reported it had discovered Grizzly Steppe malware in its system. The company isolated the infected laptop and alerted federal authorities Friday night. In a statement on its website, Burlington Electric says the computer was not connected to the electrical grid and that no customer information had been compromised. The utility company serves more than 19,600 customers in areas including the City of Burlington and Burlington International Airport. The discovery of malware prompted a public outcry from Vermont’s public officials.

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Gov. Peter Shumlin (D-VT) said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”

On its Cyber Security page, Burlington Electric says it has prepared for an “Aurora Vulnerability”, a term coined after a 2007 Department of Homeland Security demonstration that showed how cyberattacks could cause a power plant to self-destruct.


2. US Intelligence Agencies Published a Report on Grizzly Steppe Meant to Embarrass Russia

APT-28 and APT-29 launched spearphishing campaigns to break into systems (US)

US Intelligence Agencies published a report on December 29 detailing the methods Russian actors used to hack a political party. Although the Democratic National Committee wasn’t mentioned, US intelligence agencies say Russian hackers compromised the committee’s system, the Washington Post reports. The 13-page report included code from Grizzly Steppe as well as aliases of Russian operatives.

A US official who wished to remain anonymous told Bloomberg that the report was meant to embarrass the Kremlin by making its methods public. The Grizzly Steppe attack on a US political party happened in two waves. The first wave in 2015 consisted of a spearphishing campaign, where seemingly legitimate emails containing malicious links were sent to over 1,000 people. In the spring of 2016, Russian operatives tricked people into changing their passwords through a lookalike domain. As a result, emails and information were stolen from party members and leaked to the press.


3. Since Election Day, More Attacks Related to Grizzly Steppe Have Been Found

Russian actors continue to wage cyberattacks after the US election (US)

The election may be over, but the operatives behind Grizzly Steppe seem to have some other end in mind. Just days after the November 8 election, the Grizzly Steppe report says another attack was launched.

The two groups involved in Grizzly Steppe were APT-28 and APT-29. The Department of Homeland Security and FBI called out Russian Military and Civilian Intelligence Services in the December 29 report. The report includes a list of precautions organizations can take, such as reviewing IP addresses, file hashes and an electronic signature included in the report.


4. President-Elect Donald Trump Praised Vladimir Putin for His Response to Obama’s Retaliatory Measures

President-elect Donald Trump expressed skepticism over allegations of Russian hacking, and even praised Russia’s president Vladimir Putin for his measured response to US retaliatory measures. Obama kicked out 35 Russian intelligence operatives suspected of being spies and imposed sanctions on Russian intelligence services on Thursday. Although Russia’s Foreign Minister urged Putin to kick out US diplomats, Putin said he would not expel anyone.

On Thursday, Trump said in a statement that “it’s time for our country to move on to bigger and better things.” However, he agreed to meet with the intelligence community for a briefing on the recent Russian hacks. Trump took to Twitter on Friday praising Putin as “very smart” for his restrained reaction to US retaliatory measures.


5. The Retaliatory Measures Come After Obama Decided the US Response to Hackers Wasn’t Harsh Enough

Obama’s strike against Putin on the cusp of his departure struck some not as a bombshell, but a muted response. In a joint statement, Republican Sens. John McCain of Arizona and Lindsey Graham of South Carolina described the sanctions as “long overdue”. The joint statement on McCain’s website pushes for more retaliatory measures.

“Ultimately, they are a small price for Russia to pay for its brazen attack on American democracy. We intend to lead the effort in the new Congress to impose stronger sanctions on Russia.”

In recent weeks, Obama decided that the anti-hacking response he created in April 2015 was not severe enough. A New York Times investigation found the DNC was slow to respond when the FBI reported it had been hacked in the fall of 2015. By the time DNC leadership was alerted to the hacks, emails obtained through them had already been leaked to several websites including DC Leaks and Wikileaks, according to the Times.