Vermont utility finds alleged Russian malware on computer
(CNN) The indicators from the malicious software found on a Burlington Electric Company laptop match those on malware found in the Democratic National Committee computers that the US government has blamed on Russians, the Department of Homeland Security said Saturday.
DHS spokesman Todd Breasseale said the department’s investigation into the cyber intrusion on the computer is ongoing and he couldn’t comment further.
The DHS’s acknowledgment is the first such confirmation by the government that the malware is the same as the code used in malicious cyber activity that the US government has blamed on Russian hackers attempting to influence November’s election.
It comes a day after Burlington Electric announced it found the malicious software on a computer that was not connected to its grid control systems.
Both the Department of Homeland Security and the utility said Saturday there are no indications that the electric grid was breached.
Burlington Electric General Manager Neale Lunderville told CNN’s Suzanne Malveaux that the utility found an Internet address that was associated with recent malicious cyber activity, and that IP address was communicating with a company computer.
“We immediately isolated the machine, pulled it off the network, alerted federal authorities and began to work with them,” he said.
Burlington Electric, which serves 19,600 customers in Vermont, said it found the code after utility companies nationwide were sent an alert by Homeland Security.
The federal government refers to the Russian malicious cyber activity as Grizzly Steppe. Officials involved in the investigation of the malware say they do not believe it was an attempt to bring down part of the electric grid.
One reason they cited is that Burlington Electric is a small utility, so the impact would not be as great as it would be at a larger company with many more customers.
The Washington Post first reported the existence of the malicious software.
Burlington Electric issued a statement Saturday saying that any reports that the company was hacked or breached are false. It added there are no indications that customer information was accessed.
Gov. Shumlin calls Putin a “thug”
Vermont Gov. Peter Shumlin didn’t hold back in a scathing message issued Friday that linked Russian President Vladimir Putin to the cyber threat.
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” said Shumlin in a written statement.
Shumlin, a Democrat, called on the federal government to investigate and take action to prevent future attacks.
“This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling,” said Shumlin.
US Sen. Patrick Leahy, D-Vermont, said he and his staff were briefed Friday by Vermont state police about the development, which he called a “direct threat to Vermont.”
“State-sponsored Russian hacking is a serious threat, and the attempts to penetrate the electric grid through a Vermont utility are the latest example,” Leahy said.
“This is beyond hackers having electronic joyrides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter.”
A US government official with knowledge of the investigation told CNN on Saturday it’s not yet known “the full scope or intent, or if this was an isolated event or not.”
After weeks of ramped-up accusations about Russian hacking around the US election, the White House announced plans Thursday to expel 35 Russian diplomats — giving them and their families 72 hours to leave the country — and to shutter a pair of Russian compounds in New York and Maryland used by officials, in theory, for recreational purposes.
The Russian government has denied the hacking allegations.
The DHS and the FBI made a 13-page report public Thursday with information about the malware code — which was found on Democratic National Committee computers — and urged entities to check for it.
Targets? ‘Government, think tanks, universities’
The report said activity by Russian civilian and military intelligence services is “part of an ongoing campaign of cyber-enabled operations directed at the US government and its citizens.” Russian operations went after “government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations,” according to the report.
The hackers sent fake emails, texts and other messages attempting to get US users to click on malicious links, US officials have said. Some links led users to download the malware while others prompted people to change their passwords, which the hackers could then use.
A US official who wanted to remain anonymous told CNN that the Obama administration sought to alert utilities and other entities in the United States and abroad to the malicious activity so they could better secure their networks.
In December 2015, Ukraine was struck by a massive cyberattack that cut power to 103 cities and towns and affected 186 more. The attack involved a team of sophisticated hackers who targeted six power companies at the same time, US officials briefed on an investigation into the attack told CNN in February.
Destructive malware wrecked computers and wiped out sensitive control systems for parts of the Ukraine power grid, making it more difficult for technicians to restore power.
The attack raised major concerns because the US power grid and other major industrial facilities have many of the same vulnerabilities that were exploited in the Ukraine attack, US officials told CNN.
In February, Elizabeth Sherwood-Randall, the Obama administration’s deputy energy secretary, accused Russia of being behind the cyberattack.
Other top US intelligence and security officials said then that the evidence wasn’t conclusive enough to tie the Russian government to the attack.
CNN’s Kevin Liptak, Vivian Kuo and Joe Sutton contributed to this report.