Vermont utility finds alleged Russian malware on computer
By Steve Almasy
(CNN) — A Vermont electric company said Friday it had found on a company laptop the same kind of malicious software that US authorities believe was used by Russian hackers in an attempt to influence November’s election.
Burlington Electric said it found the code after utility companies nationwide were sent an alert by the Department of Homeland Security.
The company, which serves 19,600 customers in Vermont, said the malware was on a laptop that is not connected to the organization’s power grid systems.
“Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems,” spokesman Mike Kanarick said.
The federal government refers to the malicious cyber activity as Grizzly Steppe.
The Washington Post first reported the existence of the malicious software.
Burlington Electric issued a statement Saturday saying that any reports that the company was hacked or breached are false. It added there are no indications that customer information was accessed.
Gov. Shumlin calls Putin a “thug”
Vermont Gov. Peter Shumlin didn’t hold back in a scathing message issued Friday that linked Russian President Vladimir Putin to the cyber threat.
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” said Shumlin in a written statement.
Shumlin, a Democrat, called on the federal government to investigate and take action to prevent future attacks.
“This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling,” said Shumlin.
US Sen. Patrick Leahy, D-Vermont, said he and his staff were briefed Friday by Vermont state police about the development, which he called a “direct threat to Vermont.”
“State-sponsored Russian hacking is a serious threat, and the attempts to penetrate the electric grid through a Vermont utility are the latest example,” Leahy said.
“This is beyond hackers having electronic joyrides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter.”
A US government official with knowledge of the investigation told CNN on Saturday it’s not yet known “the full scope or intent, or if this was an isolated event or not.”
After weeks of ramped-up accusations about Russian hacking around the US election, the White House announced plans Thursday to expel 35 Russian diplomats — giving them and their families 72 hours to leave the country — and shuttering a pair of Russian compounds in New York and Maryland used by officials, in theory, for recreational purposes.
The Russian government has denied the hacking allegations.
The DHS and the FBI made a 13-page report public Thursday with information about the malware code — which was found on Democratic National Committee computers — and urged entities to check for it.
Targets? ‘Government, think tanks, universities’
The report said activity by Russian civilian and military intelligence services is “part of an ongoing campaign of cyber-enabled operations directed at the US government and its citizens.” Russian operations went after “government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations,” according to the report.
The hackers sent fake emails, texts and other messages attempting to get US users to click on malicious links, US officials have said. Some links led users to download the malware while others prompted people to change their passwords, which the hackers could then use.
A US official who wanted to remain anonymous told CNN that the Obama administration sought to alert utilities and other entities in the United States and abroad to the malicious activity so they could better secure their networks.
In December 2015, Ukraine was struck by a massive cyberattack that cut power to 103 cities and towns and affected 186 more. The attack involved a team of sophisticated hackers who targeted six power companies at the same time, US officials briefed on an investigation into the attack told CNN in February.
Destructive malware wrecked computers and wiped out sensitive control systems for parts of the Ukraine power grid, making it more difficult for technicians to restore power.
The attack raised major concerns because the US power grid and other major industrial facilities have many of the same vulnerabilities that were exploited in the Ukraine attack, US officials told CNN.
In February, Elizabeth Sherwood-Randall, the Obama administration’s deputy energy secretary, accused Russia of being behind the cyberattack.
Other top US intelligence and security officials said then that the evidence wasn’t conclusive enough to tie the Russian government to the attack.
CNN’s Evan Perez, Kevin Liptak, Vivian Kuo and Joe Sutton contributed to this report.