Just a few days ago, the FBI and the Department of Homeland Security released a report detailing their assessment that Russian hackers were behind a series of attacks on US agencies and citizens. While the Obama administration issued sanctions, code linked to those hackers has been shared with other agencies, and on Friday, the Burlington Electric Department found malware with a matching signature on one of its laptops. The discovery raises more questions than it answers, but coming after recent reports of Russian hackers attacking the power grid in Ukraine, it has understandably set off alarms everywhere.
The Washington Post first reported the finding, suggesting that Russian hackers had gained access to the electrical grid via the Vermont utility; however, the company’s statement says there’s no indication that happened. In that statement, it said the laptop in question was not connected to grid systems. Vermont Public Service Commissioner Christopher Recchia told the Burlington Free Press that the grid was not in danger.
Because it’s not clear exactly what matched, the result could be a false positive or a match on code shared with unrelated malware. It’s also not clear when or how the malware got onto the laptop. For those reasons, a number of security professionals on Twitter suggested waiting for more details before attributing this finding to Grizzly Steppe (the name given to the Russian activity in Wednesday’s report).
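The questions raised above (what exactly matched, whether the indicator is shared with unrelated activity, and whether the host touches grid systems) are the same ones an analyst works through when a shared indicator list fires. The following is an added illustration, not code from the article or from Burlington Electric: a small Python triage routine over a constructed indicator list and constructed alerts. The indicator values, host names, and the `shared` flag are all made up for the example; the campaign label is the only name taken from the page.

```python
"""Triage of an indicator match: constructed example, not the utility's tooling.

A shared indicator list (the kind circulated with a government report) is modelled
as entries that carry the indicator type, the campaign the report ties it to, and
whether the indicator is also seen in unrelated commodity activity. A match on a
shared indicator, or on a host with no grid connection, is reported at lower
priority so that a signature hit is not mistaken for attribution.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Indicator:
    value: str
    kind: str        # "hash", "ip" or "domain"
    campaign: str    # report the indicator was published under
    shared: bool     # also observed in unrelated activity (constructed flag)


@dataclass(frozen=True)
class Host:
    name: str
    grid_connected: bool   # does the host reach control/OT systems?


@dataclass(frozen=True)
class Alert:
    host: Host
    kind: str
    value: str


@dataclass
class Verdict:
    attribution: str                 # "matched-campaign", "shared-indicator", "no-match"
    priority: str                    # "high", "medium", "low"
    reasons: list = field(default_factory=list)


# Constructed indicator list. 198.51.100.23 is an RFC 5737 documentation address
# and the hash and domain are placeholders; none of these are real indicators.
INDICATORS = [
    Indicator("constructed-hash-0001", "hash", "Grizzly Steppe", shared=False),
    Indicator("198.51.100.23", "ip", "Grizzly Steppe", shared=True),
    Indicator("example-c2.invalid", "domain", "Grizzly Steppe", shared=False),
]


def find_match(alert, indicators):
    """Return the indicator that matches the alert's type and value, or None."""
    for ind in indicators:
        if ind.kind == alert.kind and ind.value.lower() == alert.value.lower():
            return ind
    return None


def triage(alert, indicators=INDICATORS):
    """Turn a raw signature hit into a verdict with the context an analyst needs."""
    ind = find_match(alert, indicators)
    if ind is None:
        return Verdict("no-match", "low", ["value is not on the indicator list"])

    reasons = [f"{alert.kind} value matches a {ind.campaign} indicator"]
    if ind.shared:
        # A shared indicator (common infrastructure, reused code) does not by
        # itself tie the host to the campaign.
        reasons.append("indicator is also seen in unrelated activity; match alone does not attribute")
        attribution = "shared-indicator"
        priority = "medium" if alert.host.grid_connected else "low"
    else:
        attribution = "matched-campaign"
        priority = "high" if alert.host.grid_connected else "medium"

    if alert.kind in ("ip", "domain"):
        reasons.append("network indicator: confirm direction, timing and originating process")
    else:
        reasons.append("file indicator: establish when and how the file arrived on the host")

    if not alert.host.grid_connected:
        reasons.append("host has no grid connection; no operational impact is shown by the match")
    return Verdict(attribution, priority, reasons)


if __name__ == "__main__":
    laptop = Host("office-laptop-01", grid_connected=False)
    for a in (Alert(laptop, "ip", "198.51.100.23"),
              Alert(laptop, "hash", "constructed-hash-0001")):
        v = triage(a)
        print(a.host.name, a.kind, v.attribution, v.priority)
        for r in v.reasons:
            print("  -", r)
```

The design point is that the verdict carries both an attribution label and a priority: a hit on a shared network indicator from a laptop with no grid connection comes out as `shared-indicator` / `low`, while the same file hash on a grid-connected host comes out `matched-campaign` / `high`. Either way the reasons list records what still has to be established before the finding is credited to a campaign.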
So far, no other utilities or agencies have reported anything similar, but we will update this post if more information comes to light.
Update (1/3): The Burlington Electric Department issued a follow-up statement that changes its description of what was identified. It now refers to the findings as “suspicious internet traffic,” and says that “Federal officials have indicated that this specific type of Internet traffic also has been observed elsewhere in the country and is not unique to Burlington Electric.”
The Washington Post has a new article as well, acknowledging that its initial assertion about the grid being penetrated was inaccurate. According to the paper’s sources, government investigators found evidence on the laptop of a “Neutrino” software package used to deliver malware, which does not appear to be connected to Grizzly Steppe.