A code associated with a broad Russian hacking campaign dubbed Grizzly Steppe by the Obama administration has been detected on a laptop associated with a Vermont electric utility but not connected to the grid, the utility said on Friday.
“We took immediate action to isolate the laptop and alerted federal officials of this finding,” the Burlington Electric Department said in a statement.
“Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.”
The Department of Homeland Security alerted utilities on Thursday night about a malware code used in Grizzly Steppe, the Burlington Electric Department said.
“We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems,” it said.
The matched malware code on the laptop may have resulted from a relatively benign episode, such as visiting a questionable website, a source familiar with the matter said, suggesting Russian hackers may not have been directly involved.
It was not clear when the incident occurred.
On Thursday, President Barack Obama ordered the expulsion of 35 Russian suspected spies and imposed sanctions on two Russian intelligence agencies over their involvement in hacking U.S. political groups in the 2016 presidential election.
The statement came after a Washington Post report that Russian hackers penetrated a Vermont utility. Government and utility industry officials regularly monitor the nation’s electrical grid because it is highly computerized and any disruptions can have disastrous implications for the functioning of medical and emergency services, the Post said.
A senior Obama administration official said the administration had sought in its sanctions announcement on Thursday to alert “all network defenders” in the United States so they could “defend against Russian malicious cyber activity.”
The Department of Homeland Security did not immediately respond to a request for comment.
“This intrusion by itself was a minor incident that caused no damage,” a U.S. intelligence official familiar with the incident and critical of Russian actions said on Friday night.
“However, we are taking it seriously because it has been tracked to familiar entities involved in a much broader and government-directed campaign in cyberspace and because the electric grid is a vulnerable and interconnected part of the nation’s critical infrastructure,” the official said.
Russia is widely considered responsible by U.S. officials and private-sector security experts for a December 2015 hack of Ukraine’s power grid that knocked out the lights for about 250,000 people. That hack prompted National Security Agency chief Mike Rogers to say at a conference in March that it was a “matter of when, not if” a cyber adversary carried out a similar attack against the United States.
(Reporting by Eric Beech, Jeff Mason, Dustin Volz and John Walcott; Editing by Michael Perry)