Russia-linked malware found on US power company’s laptop in ‘electric grid hack’

Malware code linked to Russian hackers and found on a Vermont electric utility’s computer is further evidence of “predatory” steps taken by that country against the US, a Vermont Democratic congressman said on Saturday.

The Burlington Electric Department confirmed Friday it had found on one of its laptops the malware code used in Grizzly Steppe, the name Homeland Security has applied to a Russian campaign linked to recent hacks. The company said US utilities were alerted by the Department of Homeland Security on Thursday of the code.

“This attack shows how rampant Russian hacking is. It’s systemic, relentless, predatory,” Congressman Peter Welch said in a statement. “They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country.”

Welch said the breach also underscores that sanctions President Barack Obama took against Russia this week were warranted. Russia, which has denied hacking US systems, has been accused of interference in the US presidential election by hacking American political sites and email accounts.

The Washington Post first reported on the Vermont utility’s discovery of the malware. Burlington Electric, which is municipally owned, confirmed in an emailed statement that it detected the malware in a laptop not connected to its grid systems. It said it took “immediate action to isolate the laptop and alerted federal officials.”

“Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems,” the company said.

It said it had briefed state officials and would fully support an investigation into the potential Russian hack.

Democratic Governor Peter Shumlin said his administration has been in touch with the federal government and the state’s utilities.

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, [Russian President] Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” the governor said in a statement.

He said the hacking episode should highlight the urgent need for the federal government to “vigorously pursue and put an end to this sort of Russian meddling”.

Burlington Electric, which says it’s “at the forefront of the green energy revolution”, is one of the state’s two largest electric utilities. The other, Colchester-based Green Mountain Power, said its systems were secure.

Green Mountain Power, which serves about 265,000 residential and business customers, said it was thoroughly reviewed recently for safety by Homeland Security. It said it would continue to rigorously monitor its systems and “remain vigilant”.