Company raises alert over Russia-linked malware

Code associated with Russian hackers allegedly found on electricity company’s laptop in Vermont, prompting inquiry.

Russian hackers may not have been directly involved in the incident [File: Ed Reinke/AP]

Malware code linked to Russian hackers has been detected on a laptop associated with an electricity company in the US state of Vermont but not connected to the grid, according to the company.

The Burlington Electric Department said in a statement on Friday that it took immediate action to isolate the device and alerted federal officials to the finding.

“Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems,” the municipally owned company said.

“We have briefed state officials and will support the investigation fully.”

Burlington Electric said it checked the devices after the Department of Homeland Security alerted utilities on Thursday night about code used in Grizzly Steppe, the name the authorities have applied to a Russian campaign linked to recent hacks.


“This attack shows how rampant Russian hacking is. It’s systemic, relentless, predatory,” said Peter Welch, a Vermont Democratic congressman, in a statement.

“They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country.”

Welch said the breach also underscores that sanctions President Barack Obama took against Russia this week were warranted.

Peter Shumlin, Vermont’s Democratic governor, said his administration has been in touch with the federal government and the state’s utilities.

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, [Russian president] Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health and safety,” he said in a statement.

‘Russian meddling’

Shumlin said the hacking episode should highlight the urgent need for the federal government to “vigorously pursue and put an end to this sort of Russian meddling”.

The matched malware code on the laptop may have resulted from a relatively benign episode, such as visiting a questionable website, a source familiar with the matter said, suggesting Russian hackers may not have been directly involved.

It was not clear when the incident occurred.

Jody Westby, CEO of Global Cyber Risk and an adjunct professor at Georgia Institute of Technology’s School of Computer Science, told Al Jazeera the incident has been overly dramatised.

“It is very important to take any malware that’s found seriously and investigate it, but it is equally important not to overly dramatise it. And I am afraid that’s what’s happening in this case,” she said.

She said the malware found on the laptop was of a type that could only extract information from the device, and that it could not possibly disrupt the functioning of the utility systems, even if the laptop were connected to the grid.

On Friday night, a US intelligence official who was familiar with the incident and critical of Russian actions said: “This intrusion by itself was a minor incident that caused no damage.

“However, we are taking it seriously because it has been tracked to familiar entities involved in a much broader and government-directed campaign in cyberspace and because the electric grid is a vulnerable and interconnected part of the nation’s critical infrastructure.”

President Barack Obama on Thursday ordered the expulsion of 35 suspected Russian spies and imposed sanctions on two Russian intelligence agencies over their alleged involvement in hacking US political groups in the 2016 presidential election.

Source: Al Jazeera, News Agencies