
Vermont utility laptop with malicious code possibly linked to Russia not connected to electric grid

While Russian hackers associated with the Grizzly Steppe operation didn't penetrate the electric grid in Vermont, investigators have discovered malicious code previously used by the group on a laptop at Burlington Electric, prompting the governor to call for a full probe.

“Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Vermont Gov. Peter Shumlin was quoted by the Burlington Free Press as saying in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”

The utility company said that there was "no indication of compromise to customer information or to the security of our system" and noted it routinely evaluated its systems to uncover vulnerabilities. 

Although the laptop was not connected to the grid, the discovery stoked long-held fears that the U.S. electric grid and other infrastructure are vulnerable to and targets of cyberattack.

Sen. Patrick Leahy (D-Vermont) said in a statement that the intrusion goes “beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter.” 

He called the finding evidence of “a direct threat to Vermont and we do not take it lightly.”

UPDATE: 

After pointing fingers at Russia last week as the source of malware found in the system of a Vermont utility, the Washington Post on Monday issued caveats.

At first, the media outlet linked the discovery in Vermont to operations, also credited to Russia, that struck the Democratic Party in the run-up to the 2016 presidential campaign.

A number of security experts weighed in last week to debunk the claims, citing a lack of substantial evidence. Rather than theory and speculation, they said, more insight and perspective should be applied.

The Washington Post story, for example, stated that Russian code known to have been used by the hacking collective Grizzly Steppe was detected in the Vermont utility. But, the article goes on to state that the discovery "raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks."

Experts asked that such analysis step back to offer wider perspective. A package of software tools often employed by cyberthieves to distribute malware, known as Neutrino, does "not appear to be connected with Grizzly Steppe, which U.S. officials have identified as the Russian hacking operation," the Washington Post reported on Monday. 
