Someone browses the internet on his work laptop. The laptop connects to a potentially malicious IP address. Nothing happens.
It's a garden variety internet risk. Just part of being a 21st century digital citizen.
On Friday evening, however, a similar and apparently benign event led to a report that Russian hackers may have penetrated the US electrical grid through a Vermont utility. The report, written by The Washington Post and summarized by CNET News, said Burlington Electric Department had found code associated with Russian hackers on an employee's computer. Initially the Post reported the hackers had penetrated the grid, but then said the code was isolated to a single employee laptop.
More investigation, however, showed a simpler and less alarming event: The computer had only visited an internet address that is sometimes associated with malicious activity.
"We detected suspicious internet traffic in a single Burlington Electric Department computer not connected to our organization's grid systems," said Burlington Electric Department general manager Neale F. Lunderville in a statement posted on the Burlington Electric Department homepage as of Monday. "We took immediate action to isolate the laptop and alerted federal officials of this finding."
The utility had been scanning its systems for a particular type of malicious code, according to Lunderville's statement. The code is associated with a hacking technique called Grizzly Steppe by US officials, who say the technique is likely used by Russian hackers.
The Department of Homeland Security and Federal Bureau of Investigation released an analysis of Grizzly Steppe on Thursday, the same day the Obama administration announced sanctions against Russia for its role in hacks on US political organizations during the 2016 national election.
When Burlington Electric Department found the "suspicious internet traffic," it reported it to federal authorities, Lunderville said in his statement.
According to a follow-up story in the Post, unnamed federal authorities leaked news of the investigation "without having all the facts and before law enforcement officials were able to investigate further."
Investigators did find some malicious code on the Vermont utility's computer, though it was unrelated to Grizzly Steppe. Rather, it was a set of software tools called Neutrino that are "commonly used by cybercriminals to deliver malware," the Post said.
Burlington Electric Department did say on Saturday it found "the malware" on the laptop, but that wording now appears to have been removed from the utility's initial statement.
https://www.cnet.com/news/no-russian-attempt-to-hack-vermont-power-grid-utility-says/