back to top

Russian Hackers Penetrated A US Electric Utility In Vermont

Code from the Russian Grizzly Steppe hacking operation was found within a laptop of Vermont's Burlington Electric, a spokesman said Friday.

Originally posted on
Updated on

Russian hackers breached the computer system of a US electric company, though no actions to actively harm its functions have been found, officials said Friday.

The Burlington Electric Department in Vermont found malware code from the Russian hacking operation known as Grizzly Steppe on a laptop after receiving an alert from the Department of Homeland Security on Thursday, a utility spokesman said. The laptop played no role in operating the electric grid and has since been isolated.

"We took immediate action to isolate the laptop and alerted federal officials of this finding," spokesman Mike Kanarick said in a statement. "Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems."

Citing an unnamed US official, the Washington Post first reported that the Russian hackers' code was found within the computer system of a utility company in Vermont. US intelligence has attributed Grizzly Steppe to Russian military and civilian hackers, who officials say targeted the Democratic National Committee and Hillary Clinton campaign chairman John Podesta ahead of the US election.

The team of hackers was also responsible for cyberattacks on utility grids that caused unprecedented blackouts in Ukraine, the Wall Street Journal reported.

The White House this week levied new sanctions on Russian intelligence services in response to the pre-election hacks. Additionally, 35 Russian intelligence operatives and their families are being expelled.

Since identifying the hacking operation, US officials have shared its code with utility companies around the country. So far, the code has only been found within the system of a Vermont utility — a potentially serious vulnerability that could allow attacks on critical infrastructure, the Post reported.

The breach did not put the local electric grid in any danger, Vermont Public Service Commissioner Christopher Recchia told the Burlington Free Press.

"The grid is not in danger," Recchia said. "The utility flagged it, saw it, notified appropriate parties and isolated that one laptop with that malware on it."

BuzzFeed News has reached out for more information.

What the hackers intended to do by breaching the utility is unknown. Officials told the Post it may have been a test, or hackers may have intended to try to disrupt the electricity grid at a later time.

Claudia Koerner is a reporter for BuzzFeed News and is based in Los Angeles.

Contact Claudia Koerner at claudia.koerner@buzzfeed.com.

Got a confidential tip? Submit it here.