A Vermont utility company said Friday it had found on a company laptop the same kind of malware that US authorities believe was used by Russian hackers in an attempt to influence November’s election.
Burlington Electric said it found the code after utility companies nationwide were sent an alert by the Department of Homeland Security.
The company, which serves 19,600 customers in Vermont, said the malware was on a laptop that is not connected to the organization’s power grid systems.
“Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems,” spokesman Mike Kanarick said.
The federal government refers to the malicious cyber activity as Grizzly Steppe.
US Sen. Patrick Leahy, D-Vermont, said he and his staff were briefed on Friday by Vermont state police about the development, which he called a “direct threat to Vermont.”
“State-sponsored Russian hacking is a serious threat, and the attempts to penetrate the electric grid through a Vermont utility are the latest example,” Leahy said.
“This is beyond hackers having electronic joyrides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter.”
After weeks of ramped-up accusations about Russian hacking around the US election, the White House announced plans Thursday to expel 35 Russian diplomats — giving them and their families 72 hours to leave the country — and to shutter a pair of Russian compounds in New York and Maryland used by officials, in theory, for recreational purposes.
The Russian government has denied the hacking allegations.
DHS and FBI made a 13-page report public Thursday with information about the malware code — which was found on Democratic National Committee computers — and urged entities to check for it.
Homeland Security spokesman Todd Breasseale said Friday that the hackers went after “government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations.”
The hackers sent fake emails, texts and other messages attempting to get US users to click on malicious links, US officials have said. Some links led users to download the malware while others prompted people to change their passwords, which the hackers could then use.
A US official who wanted to remain anonymous told CNN that the Obama administration sought to alert utilities and other entities in the United States and abroad to the malicious activity so they could better secure their networks.
In December 2015, Ukraine was struck by a massive cyberattack that cut power to 103 cities and towns and affected 186 more. The attack involved a team of sophisticated hackers who targeted six power companies at the same time, US officials briefed on an investigation into the attack told CNN in February.
Destructive malware wrecked computers and wiped out sensitive control systems for parts of the Ukraine power grid, making it more difficult for technicians to restore power.
The attack raised major concerns because the US power grid and other major industrial facilities have many of the same vulnerabilities that were exploited in the Ukraine attack, US officials told CNN.
In February, Elizabeth Sherwood-Randall, the Obama administration’s deputy energy secretary, accused Russia of being behind the cyberattack.
Other top US intelligence and security officials said then that the evidence wasn’t conclusive enough to tie the Russian government to the attack.