Russian Hackers Said To "Penetrate US Electricity Grid" Using Outdated Ukrainian Malware

Tyler Durden

Two days after the DHS and FBI released a report revealing what the US agencies alleged was the government-controlled Russian operation behind the "hacking of the US election" which they dubbed "Grizzly Steppe", and which had a peculiar disclaimer according to which nothing contained in the report should be taken at face value or was even credible after the DHS said it "does not provide any warranties of any kind regarding any information contained within"...

... overnight the crusade against "Russian hackers" continued following news that Russian cyberspecialists had managed to penetrate the Vermont electric grid, after a state utility, Burlington Electric, announced it had found a notebook computer containing the same malware code that the FBI and DHS had touted as linked to the Russian hackers.

According to WaPo, "Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities." On Friday night, Vermont Gov. Peter Shumlin (D) called on federal officials “to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.”

As a reminder, this Thursday, when Obama unveiled sanctions against Russia and announced the expulsion of Russian state workers in the worst diplomatic clash between the two nations since the Cold War, the FBI and DHS concurrently released a joint report on "Grizzly Steppe", a hacking operation which was supposedly linked to the Russian government, and alleged that it had targeted “US persons and institutions, including from US political organizations.” In reality, what they described in the report was the simplest of spoofing operations, in which the "hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords." In other words, if simple email spoofing - i.e., relying on the stupidity of its "American targets" - was the best the Russian government could do to "hack the US elections", then the US had little reason to be concerned.


Which is why the US felt the need to add to the sense of urgency overnight when it accused the same "government-organized group of hackers" as having penetrated the Vermont electric grid.

Along with the report, the US security agencies released a sample of the malware code allegedly used in the Grizzly Steppe operation to compromise US computer networks. The code was also shared with executives from 16 industries around the nation, including the financial, utility, and transportation sectors. It is this code which Burlington Electric, a Vermont-based utility, allegedly found.

The company released a statement on Friday night saying that the malware code had been detected during a scan of a single company laptop. However, soon after publication of the Post’s story, it was revealed that the malware had only infected a utility company laptop that had no access whatsoever to the electrical grid. As noted by Politico cybersecurity reporter Eric Geller, the Post quickly edited its headline upon learning that the incident was far less serious than initially reported.

“We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully,” the statement said.

Naturally, the US media promptly ran with the story as further evidence of Russian hacking of critical US infrastructure and national interests: the WaPo wrote "Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say" (originally the article's title was "Russian hackers penetrated U.S. electricity grid through a utility in Vermont, officials say", which we now know was simply "fake news"), and the AP added "Vermont Utility Finds Malware Code Attributed to Russians." However, as Mikael Thalen notes, the Post's mistake was to blow the story out of proportion; that is not to say that nation states do not hack into one another’s critical infrastructure. Russia has successfully infiltrated the U.S. grid before, is likely inside now, and has attacked the power grids of other countries, such as Ukraine, in the past. The U.S. government likewise has gained access to foreign power grids. As part of the “Nitro Zeus” operation, the U.S. breached Iranian infrastructure and prepared to carry out cyber attacks during the early years of the Obama administration in the event that diplomatic efforts to reduce Iran’s nuclear program failed.

However, the damage was quickly done, and shortly after the statement Vermont politicians had gotten involved.

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Vermont Governor Peter Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling,” he said.

But was it really Russian meddling? After all, how does one prove not only intent but source in a world of cyberespionage, where planting false flag clues and other Indicators of Compromise (IOCs) meant to frame a specific entity is as important as the actual hack?

Robert M. Lee, CEO and founder of cybersecurity company Dragos, which specializes in threats facing critical infrastructure, also noted that the IOCs included “commodity malware,” or hacking tools that are widely available for purchase.

According to some cybersecurity specialists, the code came from an outdated Ukrainian hacking tool. As RT notes, IT specialists who have analyzed the code and other evidence published by the US government are questioning whether it really proves a Russian connection, let alone a connection to the Russian government. Wordfence, a cybersecurity firm that specializes in protecting websites running WordPress, a PHP-based platform, published a report on the issue on Friday.

Wordfence said they had traced the malware code to a tool available online, apparently funded by donations, called P.A.S., which claims to be “made in Ukraine.” The version referenced in the FBI/DHS report is 3.1.7, while the most current version available on the tool’s website is 4.1.1b.

"One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources,” the report says.

The second part of the analysis deals with the list of IP addresses provided by the US agencies. The report says they “don’t appear to provide any association with Russia” and “are probably used by a wide range of other malicious actors.”

Meanwhile, that little nuance, i.e., the ongoing lack of actual evidence that Russians hacked the Vermont utility, let alone the "US elections", did not stop the Obama administration from accusing the Russian government of hacking US computer networks in order to influence the presidential election, and from using that accusation to justify imposing some of the toughest sanctions on Russia yet.

In the biggest news yesterday, however, Putin chose to ignore Obama's punitive measures, calling their imposition a clear provocation, while saying that Moscow will build its relations with the US based on the policies of the next administration under President-elect Donald Trump, not President Barack Obama’s parting shots. In October, Putin ridiculed the idea that Russia could influence the US presidential election, saying that America was not “a banana republic.”

Shortly after Putin took the "high road" Donald Trump took to Twitter, praising Vladimir Putin, saying "Great Move On Delay - I Always Knew He Was Very Smart", while mocking US media outlets, "Russians are playing @CNN and @NBCNews for such fools - funny to watch, they don't have a clue!" His tweet promptly, and predictably, drew accusations of treason by many liberals.

groaner (not verified) Dec 31, 2016 10:03 AM

OK here we go... they are setting up the next terrorist attack and going to blame it on ... guesss... could it be Russia?

Looney
0bama: We blame all malware and viruses on Russia, including Chlamydia, Ebola, and Swine Flu.   ;-)


J S Bach

Russian hackers stole my last roll of toilet paper today!

This is getting so blatantly ridiculous as to be comical. The U.S. is using every kind of deceitful pretext to villainize Russia before Trump takes over. Vlad must hold tight for 3 more weeks and pray that the crazed puppet in the Black House doesn't place one of his marionette fingers on any red buttons.

Pure Evil

I have to wonder which porn websites the owner of the laptop was viewing in order to get his computer infected with malware?

Not that there's anything wrong with that, especially if it's midget tranny porn.

WakeUpPeeeeeople

Any kind of internet porn is good as long as it's FREE!!

a Smudge by any other name

In related news, Russia accused of hacking Mr. Jones' cow. "Betsy has been acting mighty funny since all this Russian hacking business," said William "Billy" Jones of Montpelier.

johngaltfla

I was hacked by the Russians and now I get free Viagra daily from Canada.

El Vaquero

We're (the US) a bunch of hypocrites. Everybody hacks everybody. This is well known. But we brag about it.

"U.S. military hackers have penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, according to a senior intelligence official and top-secret documents reviewed by NBC News."
VinceFostersGhost

This is pathetic!

His name was Seth Rich.

brianshell

Isn't it odd that they ignore the obvious when it doesn't further their agenda.

By the way, does anyone know what is located near Massena NY that gets so many pings on the Norsecorp map?

Whoa Dammit

Bahahaha! One of the primary sources of the Russian Hackers fake news was caught in the past sending Dick Pics.

forexskin

this is the most pathetic cuck fest i've seen yet coming out of what used to be my state. just enough MA transplants escaping the shithole they've created by coming here to perfect the kind of gov't that drove them out of MA in the first place.

shumlin is another tool, he's also responsible for the abomination of a VT health care exchange (on his knees in front of oboner, chin dripping) that's bankrupting this state.

his statement on this matter is a grandstanding joke.

he's so sick of the socialists infighting in the legislature that he declined to run for gov this year.

burlington is getting known as the perfect little socialist snowflake utopia. i hope putin offers to kick shumlin's ass, but in the grand scheme of things, shumlin would reach the apex of his career if putin deigned to flick a booger his way.

god these idiots should just get to reap what they've sown.

this is bullshit by a manure wagon full of bought and paid for tools. fuck your power grab run up to ww3, you insects...

Draybin Deffercon III (not verified) forexskin Dec 31, 2016 2:03 PM

Don't get penetrated by teh hackerz! Buy your Bitcoins today for cash!

Ton't gets penetrated puy teh Ponzi Precious Electric Sheep Satoshi Bux Getses Richie Rich Toot Sweet Quick Scheme, either.
PrayingMantis

... ask michael who penetrated obumboclot's grid ...
TBT or not TBT

That Rwanda genocide a couple of decades ago? Russian hackers.

brianshell

What is the specific location? Note that it is possibly the most common point in the western hemisphere for pings and that most of them come from Redmond Wa, Microsoft as well as key locations in China etc. Whatever this is it garners a tremendous amount of traffic.

edit Xervent and Dyncorp

Draybin Deffercon III (not verified) cheech_wizard Dec 31, 2016 2:26 PM

Of course we both know that if Zerobrains were really so scared about Hackers, EMPs, Grid Down Scenarios they never would have used credit cards in the first place. So full of shit that it's not even funny!

zero_wedge

Credit card debt + EMP = forgiveness

brianshell

Nearby Ft Drum, Watertown NY, location of Dyncorp Intl. See Operation Iraqi Freedom, Karzai bodyguards etc.

Bastiat

This would be funny if it weren't so damn scary.  The upside perspective is:  if they are this desperate to keep Trump out, he must be seen as a genuine threat to the neocons.  But he has to get there.

BennyBoy

CIA/NSA old Stuxnet is also in the Grid. As well as newer "Freedom Malware".

JRobby

Thank you! And happy New Year.

stormsailor

and from mr richard fader of fort lee new jersey, dear rosanna rosanna danna. ever since the russians hacked the election my tv controller has been acting wacky.

Paul Kersey

If the Russians really wanted to hack the U.S. effectively, they'd expose that secret video showing prune face John McCain wearing a large black strap-on, doing the old bump-n-pump on Loose Lindsey Graham's well-lubed mangina.

fockewulf190

Vermont is about as blue a state as it gets. Coincidence this laptop just so happened to pop up there? I mean, c'mon. Seems more of a Deep State pinch-hitter op to back up one deeply scorned, bitch slapped, and soon to be ex-prez desperate for some street cred.

any_mouse

Vermont. It was the Canadians. Blame Canada!

The Saint (not verified) fockewulf190 Dec 31, 2016 2:56 PM

Did they find that laptop in Bernie Sanders' new lake front home?


Skateboarder

Dude, breakin' news -

Russian hackers changed New Year's Day to Jan 2nd. We're all celebrating on the wrong day as a result. Holy shitballs!

And wish all of you curmudgeons, young and old, a happy and prosperous (or as close as you can get) new year. May everyone on the planet make it through the next round around the glowy ball of fire okay.

Stackers

The StuxNet documentary "Zero Days" is a must watch !

Brian

YES This ^^^^^^^^^^^

I was posting exactly this all over when the story ran. At the time I said that the US Government had just given the green light to all foreign governments that it is okay to plant CyberBombs in other countries' critical infrastructure systems, because the USA announced that they have done just that to Russia.

How now can anyone in the USA complain?  Notwithstanding the lack of evidence that this is Russian - even if it were, it is exactly what the US military admits to having done preemptively to Russia.


peddling-fiction

Peak Hypocrisy has been reached.

VinceFostersGhost

Come on 20th of Jan !

Seems like forever in doggy years.

HowdyDoody

A Russian outfit 'Grizzly Bear' using Ukrainian malware to attack the US grid?

Probably all thought up by the same crew who came up with the name 'Operation Iraqi Liberation' for a famous ME 'humanitarian intervention'.

a Smudge by any other name

I was hacked by viagra and I got free White Russians!

Raffie

If it is Outdated Ukrainian Malware then what does that say about their security software?

Sounds like they had it coming.

The Saint (not verified) Pure Evil Dec 31, 2016 2:50 PM

"I have to wonder which porn websites the owner of the laptop was viewing in order to get his computer infected with malware?"

Probably stuck his USB Flash Drive in I mean somewhere it shouldn't be.

JRobby

To use the term "paper thin" would be a gross exaggeration.

It was an ex and/or disgruntled employee, most likely an accidental download.

This farce has gone far enough.

Shemp 4 Victory

"Russian hackers stole my last roll of toilet paper today!"

Russian hackers made my cat puke up a hairball.

chunga

All of a sudden one of my chickens is starting to moult!

Ignatius

As soon as I read the headline I ran to my electrical box and threw the main.  Yes it's dark and cold here, but I'm pretty sure I've prevented malicious Russian code from entering the house and, of course, I still have my vote (which I treasure and will keep safe until the next election cycle).

Zarbo

All you had to do was unplug the Ethernet to get rid of the Internetz and shut down your WiFi to prevent your neighbor from downloading porn at your expense.

peddling-fiction

Actually you can route the Internet through electrical circuits.

Jethro

Well, that is about the worst time of year for a chicken to moult. Sadly, I think my main rooster is bi. He keeps raping my little buff orpington rooster. Pretty sad really.