A laptop associated with a Vermont electric utility but not connected to the grid, a code associated with a broad Russian hacking campaign dubbed Grizzly Steppe by the Obama administration has been detected, the utility said.
“We took immediate action to isolate the laptop and alerted federal officials of this finding,” the Burlington Electric Department said in a statement.
“Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.”
The Burlington Electric Department said that on Thursday night, the utility was alerted about a malware code used in Grizzly Steppe by the Department of Homeland Security.
“We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems,” it said.
Suggesting Russian hackers may not have been directly involved, a source familiar with the matter was quitedin the media saying that the matched malware code on the laptop may have resulted from a relatively benign episode, such as visiting a questionable website.
It was not clear when the incident occurred.
Over their involvement in hacking U.S. political groups in the 2016 presidential election, on Thursday, President Barack Obama imposed sanctions on two Russian intelligence agencies and ordered the expulsion of 35 Russian suspected spies.
After a Washington Post report that Russian hackers penetrated a Vermont utility, the statement was issued. The Post said that since it is highly computerized and any disruptions can have disastrous implications for the functioning of medical and emergency services, government and utility industry officials regularly monitor the nation’s electrical grid.
In order to alert “all network defenders” in the United States so they could “defend against Russian malicious cyber activity”, the administration had sought in its sanctions announcement on Thursday, sources reportedly told the media.
The Department of Homeland Security did not immediately respond to a request for comment.
“This intrusion by itself was a minor incident that caused no damage,” a U.S. intelligence official familiar with the incident and critical of Russian actions said.
“However, we are taking it seriously because it has been tracked to familiar entities involved in a much broader and government-directed campaign in cyberspace and because the electric grid is a vulnerable and interconnected part of the nation’s critical infrastructure,” the official said.
A December 2015 hack of Ukraine’s power grid that knocked out the lights for about 250,000 people was the handiwork of Russia and this is widely considered responsible by U.S. officials and private-sector security experts. It was a “matter of when, not if” a cyber adversary carried out a similar attack against the United States, said National Security Agency chief Mike Rogers to say at a conference in March, prompted by the hack.
(Adapted from CNBC)