Code associated with Russia hacking found on Vermont utility computer
WASHINGTON (Reuters) - Code associated with a broad Russian hacking campaign
dubbed Grizzly Steppe by the Obama administration has been detected on a
laptop associated with a Vermont electric utility but not connected to
the grid, the utility said on Friday.
"We took immediate action to isolate the laptop and alerted federal
officials of this finding," the Burlington Electric Department said in a
statement.
"Our team is working with federal officials to trace this malware and
prevent any other attempts to infiltrate utility systems. We have
briefed state officials and will support the investigation fully."
The Department of Homeland Security alerted utilities on Thursday night
about malware code used in Grizzly Steppe, the Burlington Electric
Department said.
"We acted quickly to scan all computers in our system for the malware
signature. We detected the malware in a single Burlington Electric
Department laptop not connected to our organization’s grid systems," it
said.
The matched malware code on the laptop may have resulted from a relatively
benign episode, such as visiting a questionable website, a source
familiar with the matter said, suggesting Russian hackers may not have
been directly involved.
It was not clear when the incident occurred.
On Thursday, President Barack Obama ordered the expulsion of 35 suspected
Russian spies and imposed sanctions on two Russian intelligence
agencies over their involvement in hacking U.S. political groups in the
2016 presidential election.
The statement came after a Washington Post report that Russian hackers penetrated a Vermont utility.
Government and utility industry officials regularly monitor the nation's
electrical grid because it is highly computerized and any disruptions
can have disastrous implications for the functioning of medical and
emergency services, the Post said.
A senior Obama administration official said the administration had sought
in its sanctions announcement on Thursday to alert "all network
defenders" in the United States so they could "defend against Russian
malicious cyber activity."
The Department of Homeland Security did not immediately respond to a request for comment.
"This intrusion by itself was a minor incident that caused no damage," a U.S.
intelligence official familiar with the incident and critical of
Russian actions said on Friday night.
"However, we are taking it seriously because it has been tracked to familiar
entities involved in a much broader and government-directed campaign in
cyberspace and because the electric grid is a vulnerable and
interconnected part of the nation's critical infrastructure," the
official said.
Russia is widely considered responsible by U.S. officials and private-sector
security experts for a December 2015 hack of Ukraine's power grid that
knocked out the lights for about 250,000 people. That hack prompted
National Security Agency chief Mike Rogers to say at a conference in
March that it was a "matter of when, not if" a cyber adversary carried
out a similar attack against the United States.
(Reporting by Eric Beech, Jeff Mason, Dustin Volz and John Walcott; Editing by Michael Perry)