Code linked to Russia hackers found in US electricity firm

US expels 35 Russian suspected spies over involvement in hacking US political groups

The Russian embassy in Washington, DC. In retaliation for computer hacking attacks during the US presidential election, US president Barack Obama announced the expulsion of 35 Russian diplomats and the closing of two compounds used by the Russian officials. Photograph: EPA

Code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont electric utility, The Washington Post reported on Friday, citing unnamed US officials.

The Russians did not actively use the code to disrupt operations of the utility, the officials told the Post, but penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability.

Reuters could not independently confirm the story.

On Thursday, president Barack Obama ordered the expulsion of 35 Russian suspected spies and imposed sanctions on two Russian intelligence agencies over their involvement in hacking US political groups in the 2016 presidential election.

Government and utility industry officials regularly monitor the nation’s electrical grid because it is highly computerized and any disruptions can have disastrous implications for the functioning of medical and emergency services, the Post said.

US officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been, the Post reported.

Federal officials have shared the malware code used in Grizzly Steppe with utility executives nationwide, a senior administration official said, and Vermont utility officials identified it within their operations, the Post reported.

A senior Obama administration official declined to comment specifically on the Post report but said the administration had sought in its sanctions announcement on Thursday to alert "all network defenders" in the United States so they could "defend against Russian malicious cyber activity."

While it is unclear which utility reported the incident, there are just two major utilities in Vermont, Green Mountain Power and Burlington Electric, the Post said.

The Department of Homeland Security did not immediately respond to a request for comment.

Green Mountain Power and Burlington Electric did not immediately respond to requests for comment.

The penetration may have been designed to disrupt the utility’s operations or as a test by the Russians to see whether they could penetrate a portion of the grid, the newspaper said.

Russia is widely considered responsible by US officials and private-sector security experts for a December 2015 hack of Ukraine's power grid that knocked out the lights for about 250,000 people.

That hack prompted National Security Agency chief Mike Rogers to say at a conference in March that it was a "matter of when, not if" a cyber adversary carried out a similar attack against the United States.

Reuters