[Photo: An employee walking behind a glass wall with coding symbols at the headquarters of Internet security giant Kaspersky in Moscow, October 17, 2016.]
Code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.
While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.
Officials in government and the utility industry regularly monitor the grid because it is highly computerized and any disruptions can have disastrous implications for the country’s medical and emergency services.
Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.
Friday night, Vermont Gov. Peter Shumlin (D) called on federal officials “to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.”
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”
Sen. Patrick J. Leahy (D-Vt.) said he was briefed on the attempts to penetrate the electric grid by Vermont State Police on Friday evening. “This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy said in a statement. “That is a direct threat to Vermont and we do not take it lightly.”
American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion may have been designed to disrupt the utility’s operations or as a test to see whether they could penetrate a portion of the grid.
Officials said that it is unclear when the code entered the Vermont utility’s computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted.
“The question remains: Are they in other systems and what was the intent?” a U.S. official said.
This week, officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence shared the Grizzly Steppe malware code with executives from 16 sectors nationwide, including the financial, utility and transportation industries, a senior administration official said. Vermont utility officials identified the code within their operations and reported it to federal officials Friday, the official said.
The DHS and FBI also publicly posted information about the malware Thursday as part of a joint analysis report, saying that the Russian military and civilian services’ activity “is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.”
Another senior administration official, who also spoke on the condition of anonymity to discuss security matters, said in an email that “by exposing Russian malware” in the joint analysis report, “the administration sought to alert all network defenders in the United States and abroad to this malicious activity to better secure their networks and defend against Russian malicious cyber activity.”
According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
Russian hackers, U.S. intelligence agencies say, earlier obtained a raft of internal emails from the Democratic National Committee, which were later released by WikiLeaks during this year’s presidential campaign.
President-elect Donald Trump has repeatedly questioned the veracity of U.S. intelligence pointing to Russia’s responsibility for hacks in the run-up to the Nov. 8 election. He also has spoken highly of Russian President Vladimir Putin, despite President Obama’s suggestion that the approval for hacking came from the highest levels of the Kremlin.
Trump spokesman Sean Spicer said it would be “highly inappropriate to comment” on the incident given the fact that Spicer has not been briefed by federal authorities at this point.
Obama has been criticized by lawmakers from both parties for not retaliating against Russia before the election. But officials said the president was concerned that U.S. countermeasures could prompt a wider effort by Moscow to disrupt the counting of votes on Election Day, potentially leading to a wider conflict.
Officials said Obama also was concerned that taking retaliatory action before the election would be perceived as an effort to help the campaign of Democratic presidential nominee Hillary Clinton.
On Thursday, when Obama announced new economic measures against Russia and the expulsion of 35 Russian officials from the United States in retaliation for what he said was a deliberate attempt to interfere with the election, Trump told reporters, “It’s time for our country to move on to bigger and better things.”
Trump has agreed to meet with U.S. intelligence officials next week to discuss allegations surrounding Russia’s online activity.
Russia has been accused in the past of launching a cyberattack on Ukraine’s electrical grid, something it has denied. Cybersecurity experts say a hack in December 2015 destabilized Kiev’s power grid, causing a blackout in part of the Ukrainian capital. On Thursday, Ukrainian President Petro Poroshenko accused Russia of waging a hacking war on his country that has entailed 6,500 attacks against Ukrainian state institutions over the past two months.
Since at least 2009, U.S. authorities have tracked efforts by China, Russia and other countries to implant malicious software inside computers used by U.S. utilities. It is unclear if the code used in those earlier attacks was similar to what was found in the Vermont case. In November 2014, for example, federal authorities reported that a Russian malware known as BlackEnergy had been detected in the software controlling electric turbines in the United States.
The Russian Embassy did not immediately respond to a request for comment. Representatives for the Energy Department and DHS declined to comment Friday.
Russian Hacking Malware Found on Vermont Utility Computer
Malware associated with Russian hackers was found on a computer belonging to a utility company in Vermont, according to the company.
After being alerted last night by the Department of Homeland Security about malware code used in Grizzly Steppe, Russia's hacking campaign against U.S. political institutions, Burlington Electric Department performed a scan, the utility said in a statement.
"We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems," the statement said. "We took immediate action to isolate the laptop and alerted federal officials of this finding."
The laptop was not connected to the Vermont Electric Cooperative’s grid systems, Department of Homeland Security spokesman Todd Breasseale said today.
"While our analysis continues, we currently have no information that indicates that the power grid was penetrated in this cyber incident," Breasseale said, adding that the organization took immediate steps to isolate the laptop and alerted federal authorities.
It is unclear what the intent was in delivering the malware.
Vermont Democratic Congressman Peter Welch said the discovery of the malware code is further evidence of "predatory" steps by Russia against the U.S.
"This attack shows how rampant Russian hacking is. It's systemic, relentless, predatory," Welch said in a statement. "They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country."
Vermont Sen. Patrick Leahy, also a Democrat, said, "This is beyond hackers having electronic joy rides -- this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter. That is a direct threat to Vermont, and we do not take it lightly."
Other utilities in Vermont said Friday that they were not impacted.
Vermont Electric Cooperative, which has about 32,000 customers, said in a statement Friday, "In regard to the recent Department of Homeland Security malware code alert, VEC has no evidence of a threat to our system."
And Green Mountain Power, which serves about 265,000, said it wasn't affected either. "GMP did not self-report a security incident," the utility said in a statement. "Our teams have done a complete systems check and found no security concerns. GMP was also recently thoroughly reviewed for safety by the U.S. Department of Homeland Security. The company will continue to rigorously monitor our system and remain vigilant."
Democratic Gov. Peter Shumlin said his office is in touch with federal officials and the state's utilities.
"Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety," he said in a statement.
He said the hacking episode should highlight the urgent need for the federal government to "vigorously pursue and put an end to this sort of Russian meddling."
Code Associated With Russia Hacking Found On Vermont Utility Computer
Code associated with a broad Russian hacking campaign dubbed Grizzly Steppe by the Obama administration has been detected on a laptop associated with a Vermont electric utility but not connected to the grid, the utility said on Friday.
“We took immediate action to isolate the laptop and alerted federal officials of this finding,” the Burlington Electric Department said in a statement.
“Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.”
The Department of Homeland Security alerted utilities on Thursday night about a malware code used in Grizzly Steppe, the Burlington Electric Department said.
“We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems,” it said.
The matched malware code on the laptop may have resulted from a relatively benign episode, such as visiting a questionable website, a source familiar with the matter said, suggesting Russian hackers may not have been directly involved.
It was not clear when the incident occurred.
On Thursday, President Barack Obama ordered the expulsion of 35 Russian suspected spies and imposed sanctions on two Russian intelligence agencies over their involvement in hacking U.S. political groups in the 2016 presidential election.
The statement came after a Washington Post report that Russian hackers penetrated a Vermont utility. Government and utility industry officials regularly monitor the nation’s electrical grid because it is highly computerized and any disruptions can have disastrous implications for the functioning of medical and emergency services, the Post said.
A senior Obama administration official said the administration had sought in its sanctions announcement on Thursday to alert “all network defenders” in the United States so they could “defend against Russian malicious cyber activity.”
The Department of Homeland Security did not immediately respond to a request for comment.
“This intrusion by itself was a minor incident that caused no damage,” a U.S. intelligence official familiar with the incident and critical of Russian actions said on Friday night.
“However, we are taking it seriously because it has been tracked to familiar entities involved in a much broader and government-directed campaign in cyberspace and because the electric grid is a vulnerable and interconnected part of the nation’s critical infrastructure,” the official said.
Russia is widely considered responsible by U.S. officials and private-sector security experts for a December 2015 hack of Ukraine’s power grid that knocked out the lights for about 250,000 people. That hack prompted National Security Agency chief Mike Rogers to say at a conference in March that it was a “matter of when, not if” a cyber adversary carried out a similar attack against the United States.