No Russian attempt to hack Vermont power grid found

Burlington Electric Department now says code associated with Russian hackers wasn't on its employee's laptop.

Laura Hautala Former Senior Writer

Code associated with Grizzly Steppe -- a hacking technique US officials attribute to Russia -- was not found at a Vermont electrical utility, despite reports last week.

Someone browses the internet on his work laptop. The laptop connects to a potentially malicious IP address. Nothing happens.

It's a garden-variety internet risk. Just part of being a 21st-century digital citizen.

On Friday evening, however, a similar and apparently benign event led to a report that Russian hackers may have penetrated the US electrical grid through a Vermont utility. The report, written by The Washington Post and summarized by CNET News, said Burlington Electric Department had found code associated with Russian hackers on an employee's computer. Initially the Post reported the hackers had penetrated the grid, but then said the code was isolated to a single employee laptop.

More investigation, however, showed a simpler and less alarming event: The computer had only visited an internet address that is sometimes associated with malicious activity.

"We detected suspicious internet traffic in a single Burlington Electric Department computer not connected to our organization's grid systems," said Burlington Electric Department general manager Neale F. Lunderville in a statement posted on the Burlington Electric Department homepage as of Monday. "We took immediate action to isolate the laptop and alerted federal officials of this finding."

The utility had been scanning its systems for a particular type of malicious code, according to Lunderville's statement. The code is associated with a hacking technique called Grizzly Steppe by US officials, who say the technique is likely used by Russian hackers.

The Department of Homeland Security and Federal Bureau of Investigation released an analysis of Grizzly Steppe on Thursday, the same day the Obama administration announced sanctions against Russia for its role in hacks on US political organizations during the 2016 national election.

When Burlington Electric Department found the "suspicious internet traffic," it reported it to federal authorities, Lunderville said in his statement.

According to a follow-up story in the Post, unnamed federal authorities leaked news of the investigation "without having all the facts and before law enforcement officials were able to investigate further."

Investigators did find some malicious code on the Vermont utility's computer, though it was unrelated to Grizzly Steppe. Rather, it was a set of software tools called Neutrino that are "commonly used by cybercriminals to deliver malware," the Post said.

Burlington Electric Department did say on Saturday it found "the malware" on the laptop, but that wording now appears to have been removed from the utility's initial statement.