Malware code linked to Russian hackers has been detected on a laptop associated with an electricity company in the US state of Vermont but not connected to the grid, according to the company.
The Burlington Electric Department said in a statement on Friday that it took immediate action to isolate the device and alerted federal officials of the finding.
“Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems,” the municipally owned company said.
“We have briefed state officials and will support the investigation fully.”
The Burlington Electric said it checked the devices after the Department of Homeland Security alerted utilities on Thursday night about a code used in Grizzly Steppe, the name the authorities have applied to a Russian campaign linked to recent hacks.
“This attack shows how rampant Russian hacking is. It’s systemic, relentless, predatory,” said Peter Welch, a Vermont Democratic congressman, in a statement.
“They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country.”
Welch said the breach also underscores that sanctions President Barack Obama took against Russia this week were warranted.
Peter Shumlin, Vermont’s Democratic governor, said his administration has been in touch with the federal government and the state’s utilities.
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, [Russian President] Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement.
He said the hacking episode should highlight the urgent need for the federal government to “vigorously pursue and put an end to this sort of Russian meddling”.
The matched malware code on the laptop may have resulted from a relatively benign episode, such as visiting a questionable website, a source familiar with the matter said, suggesting Russian hackers may not have been directly involved.
It was not clear when the incident occurred.
“This intrusion by itself was a minor incident that caused no damage,” a US intelligence official familiar with the incident and critical of Russian actions said on Friday night.
“However, we are taking it seriously because it has been tracked to familiar entities involved in a much broader and government-directed campaign in cyberspace and because the electric grid is a vulnerable and interconnected part of the nation’s critical infrastructure.”
On Thursday, President Barack Obama ordered the expulsion of 35 Russian suspected spies and imposed sanctions on two Russian intelligence agencies over their involvement in hacking US political groups in the 2016 presidential election.