Code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.
While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability. Government and utility industry officials regularly monitor the nation’s electrical grid because it is highly computerized and any disruptions can have disastrous implications for the function of medical and emergency services.
American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The penetration may have been designed to disrupt the utility’s operations or as a test by the Russians to see whether they could penetrate a portion of the grid.
Federal officials have shared the malware code used in Grizzly Steppe with utility executives nationwide, a senior administration official said, and Vermont utility officials identified it within their operations.
While it is unclear which utility reported the incident, there are just two major utilities in Vermont, Green Mountain Power and Burlington Electric.
According to a report by the FBI and the Department of Homeland Security, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
The Russians have been accused in the past of launching a cyberattack on Ukraine’s electrical grid, something they have denied. Cybersecurity experts say a hack in December 2015 destabilized Kiev’s power grid, causing a blackout in part of the Ukrainian capital. On Thursday, Ukrainian President Petro Poroshenko accused Russia of waging a cyber war on his country that has entailed 6,500 attacks against Ukrainian state institutions over the past two months.
A DHS spokesman declined to comment on the matter Friday.