On December 29, 2016, the United States Department of Homeland Security and Federal Bureau of Investigation released an important Joint Analysis Report (JAR) regarding their analysis of recent malicious cyber activity against government and private sector entities.
The JAR includes detailed technical information, tools, methods, and indicators of compromise associated with recent and ongoing cyberattacks, as well as important action items and mitigation strategies for organizations.
The Privacy and Information Protection Group at Fasken Martineau is issuing this alert because of the specific technical information and recommendations for action included in the JAR, including the recommendation that "network administrators review the IP addresses, file hashes, and Yara signature provided and add the IPs to their watchlist to determine whether malicious activity has been observed within their organizations." For a complete list of the indicators of compromise provided by the Department of Homeland Security in CSV and STIX XML file formats, please consult the GRIZZLY STEPPE publication available on the DHS website.
Chief Information Security Officers, network administrators or equivalent individuals should review the indicators of compromise and other action items and recommendations in the JAR to help assess and manage the state of their organizations' current and ongoing cybersecurity. They should do so in consultation with internal or external legal counsel regarding the role of legal privilege, including when working with third-party information security consultants.