U.S. States, Leery of Russia Malware, Re-Examine Cybersecurity
Updated January 03, 2017.
Several states around the country on Saturday are asking cybersecurity experts to re-examine state and utility networks after a Vermont utility's laptop was found to contain malware that U.S. officials say is linked to Russian hackers.
The Burlington Electric Department, one of Vermont's two largest electric utilities, confirmed Friday it had found on one of its laptops the malware code used in Grizzly Steppe -- the name the U.S. government has given to malicious cyber activity by Russian civilian and military intelligence services.
A Burlington Electric Department spokesman said Saturday that federal officials have told the company the threat was not unique to them.
A spokesman for the Department of Homeland Security would not say on Saturday whether any other utilities, organizations or entities had reported similar malware on their systems following the report. The official said any such information would be confidential.
Officials in New York, Rhode Island, Massachusetts and Connecticut said they are more closely monitoring state and utility networks for anything suspicious.
"We specifically have been looking for signatures that match those reported last week by DHS and the FBI related to Russian actors," said Chris Collibee, spokesman for the governor's office in Connecticut. "We have not detected any activity matching the reported malware at this time."
In New York, a spokesman said Democratic Gov. Andrew Cuomo directed all state agencies to re-examine their computer systems for any security breaches. Nothing has been found.
An attack on a U.S. power grid has long been a nightmare scenario for top U.S. officials. National Security Agency and U.S. Cyber Command chief Adm. Michael Rogers has previously warned that it's not a matter of if, but when attackers will also target U.S. power systems. On Dec. 23, 2015, a highly sophisticated cyberattack on the power grid in Ukraine hit three regional electronic power distribution companies within 30 minutes of each other, blacking out more than 225,000 customers.
Vermont Gov. Peter Shumlin said his administration has been in touch with the federal government and the state's utilities.
"Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, (Russian President) Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health and safety," the Democratic governor said in a statement.
Burlington Electric noted it was not connected to the grid system and did not explain how the malware got onto the computer.
The company said U.S. government authorities alerted American utilities about the malware code in a report on Thursday that was released at the same time President Barack Obama announced the U.S. response to election hacking. Obama ordered sanctions on Russian intelligence agencies, closed two Russian compounds and expelled 35 diplomats the U.S. said were really spies.
"Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems," the company said.
A Russian state television channel on Saturday sought to discredit reports linking the malware to the Kremlin.
If Russia is found to be connected to widespread hacking of U.S. utilities, it will make it harder for President-elect Donald Trump to soften anti-Russian sentiment on Capitol Hill where hearings on hacking are scheduled next week.
Rep. Peter Welch, D-Vt., said the incident proves that Obama's response was warranted.
"This attack shows how rampant Russian hacking is. It's systemic, relentless, predatory," Welch said in a statement. "They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country."
Sen. Patrick Leahy, D-Vt., said the incident "goes beyond hackers having electronic joy rides" and is just the latest indication that state-sponsored Russian hacking is a serious threat.
The Washington Post first reported on the Vermont utility's discovery of the malware.
The Rossiya state television channel said the Post provided no confirmation that Russia was in fact involved. It said the Post report spoke only about the identification of malicious software code that Washington previously concluded had been used by the Russian intelligence services in the cyberattack on U.S. political institutions.
In a report released Thursday, Homeland Security and the FBI provided technical details about the tools and infrastructure they say Russian civilian and military intelligence services have used to compromise and exploit networks "associated with the U.S. election as well as a range of U.S. government, political and private sector entities."
"This activity by the Russian civilian and military intelligence services is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens," the report said. "These cyber operations have included spear phishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations and corporations leading to the theft of information."
"In some cases, Russian civilian and military intelligence actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack," according to the 13-page report that suggested actions that government and other organizations can take to mitigate the threat and how to report incidents to the government.