Did a Ukrainian University Student Create Grizzly Steppe?

by Petri Krohn

1) The U.S. Department of Homeland Security claims that the DNC was hacked by Russian intelligence services using a Russian malware tool they have named Grizzly Steppe or “PAS tool PHP web kit”. They have published a YARA signature file that allows anyone to identify it. https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

2) Security company Wordfence says Grizzly Steppe is actually the P.A.S. web shell, a common malware tool on WordPress sites. They have traced its origin to a Ukrainian download site, Profexer.name. https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/

3) The Profexer site presents an SSL certificate that identifies it as pro-os.ru and gives the email address aazzz@ro.ru. https://profexer.name

4) pro-os.ru is offline and its domain registration has expired, but the Internet Archive has copies from April and May 2015. The photo on the page indicates that they are experts in “deadly” computer viruses. https://web.archive.org/web/20150405005032/http://pro-os.ru/ The contacts given on the pro-os.ru site link to the VK account of Roman Alexeev and the email address roman@pro-os.ru. The VK account has been suspended because of “suspicious activity”. (You need to be logged in to VK to see the …