In December 2016, the FBI and DHS released a Joint Analysis Report entitled, “GRIZZLY STEPPE – Russian Malicious Cyber Activity” about an ongoing cyber campaign against U.S. elections, government and its’ citizens.
In this webinar, “ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe),” Kyle Ehmke, Threat Intelligence Research Team, ThreatConnect, Inc. and Eric Ziegast, Distinguished Distributed Systems Engineer at Farsight Security, Inc., will detail indicators listed in this report -- including over 870 IP addresses for a variety of Russian actors -- as well as reveal new information about this investigation.
They will reveal how over 100 additional indicators were identified using the ThreatConnect platform integrated with Farsight historical passive DNS database, DNSDB. They will also reveal indicators possibly tied to the FANCY BEAR cyberespionage group and how FANCY BEAR sets up its malicious infrastructure.
Kyle Ehmke is a threat intelligence researcher with ThreatConnect and has eight years of experience as a cyber intelligence analyst. Kyle is involved with ThreatConnect's research into Russian election activity and targeted efforts against Bellingcat, WADA, and others.
Eric Ziegast is a Distinguished Distributed Systems Engineer for Farsight Security. As one of Farsight's founding engineers, Eric helped develop the Security Information Exchange (SIE) and continues to provide support to the Engineering and Research teams. He has spoken about SIE, Passive DNS, DDoS attacks, sinkhole collaboration and other topics at industry events including NANOG, M3AAWG, ICANN, DNS-OARC, FIRST and ISOI.