
Vermont power company finds malware linked to Russian hackers (updated)

A malware signature linked to 'Grizzly Steppe' by the FBI and DHS was found on a single laptop.

The Department of Homeland Security logo is seen at the new ICE Cyber Crimes Center expanded facilities in Fairfax, Virginia July 22, 2015. PAUL J. RICHARDS/AFP/Getty Images

Just a few days ago, the FBI and the Department of Homeland Security released a report detailing their assessment that Russian hackers were behind a series of attacks on US agencies and citizens. While the Obama administration issued sanctions, code linked to those hackers has been shared with other agencies, and on Friday, the Burlington Electric Department found malware with a matching signature on one of its laptops. The discovery raises more questions than it answers, but with recent reports of Russian hackers attacking the power grid in Ukraine, it obviously has raised alerts all over.

The Washington Post first reported the finding, suggesting that Russian hackers had gained access to the electrical grid via the Vermont utility; however, the company's statement says there's no indication that happened. The statement said the laptop in question was not connected to grid systems. Vermont Public Service Commissioner Christopher Recchia told the Burlington Free Press that the grid was not in danger.

Because it's not clear exactly what matched, the finding could be the result of a false positive or of shared code. It's also not clear when or how the malware got on the laptop. For those reasons, a number of security professionals on Twitter suggested waiting for more details before attributing this finding to Grizzly Steppe (a name given to the Russian attacks in Wednesday's report).

So far, no other utilities or agencies have reported anything similar, but we will update this post if more information comes to light.

Update (1/3): The Burlington Electric Department issued a follow-up statement in which it changes the description of what has been identified. It now refers to the findings as "suspicious internet traffic," and says that "Federal officials have indicated that this specific type of Internet traffic also has been observed elsewhere in the country and is not unique to Burlington Electric."

The Washington Post has a new article as well, admitting that its initial assertion about the grid being penetrated was inaccurate. According to the paper's sources, government investigators found evidence of a "Neutrino" software package used to deliver malware on the laptop, which does not appear to be connected to Grizzly Steppe.
