Russia hacked Vermont utility, report says

U.S. officials said they are not yet sure of the purpose of the intrusion in the Vermont utility’s system, according to the Washington Post. The name of the utility breached was not specified.

However, in a Facebook post late Friday, Burlington Electric revealed that it was the electric utility that was attacked by Russian malware. After receiving notice from DHS of the “Grizzly Steppe” code, the utility said it detected the malware in a single laptop that was not connected to its grid systems.

“We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully,” the utility said.

In a statement Friday, Vermont Sen. Patrick Leahy said the state-sponsored Russian hacking is “a serious threat.”

“My staff and I were briefed by Vermont State Police Colonel Matthew Brimingham this evening,” he said. “This is beyond hackers having electronic joy rides – this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter. That is a direct threat to Vermont and we do not take it lightly.”

The provocation would not be the first time Russia has been blamed for an attack on another country’s electric grid. Ukraine pointed a finger at Russian hackers after a cyberattack briefly disrupted services last year.

The FBI/DHS report found that the hackers sent, as part of a spearphishing campaign, emails containing a malicious link tricking recipients into changing their passwords.