Russian hackers do not appear to be behind an attack on a Vermont electric utility, reports the Washington Post, citing officials close to the investigation of the potential activity the Post first reported last week.
The report at least temporarily puts to bed a news story that rankled many in the security community — including the most fervent believers that the Democratic National Committee was hacked by the Russians — and underlines problems many have with a joint Homeland Security, Director of National Intelligence and FBI report released last week.
Last week, The Post reported that one of the groups behind the breach at the DNC had infiltrated the power grid through Burlington Electric. Burlington Electric soon clarified that the grid had not been breached, but rather that a laptop not connected to the power grid showed indicators of compromise listed in the joint report.
But the joint report included information that many experts note is not exclusively connected to Russian intelligence attacks, vexing cybersecurity pros who wanted to see more specifics about the operation the federal government called “Grizzly Steppe.”
A list of internet addresses said to be tied to the attacks included some that are also in common use for other purposes, including addresses used by thousands of users of the Tor internet anonymity service. A list of pseudonyms for the attackers included “Powershell backdoor,” which is a type of attack, not a specific attacker group.
According to the latest Post report, the broad list of internet addresses led Burlington Electric to believe that a compromised laptop was the victim of a Russian attack. Upon further investigation, the laptop appears to have been infected by a common hacker toolkit not connected to the Russian attacks.
“Thank you for issuing correction @washingtonpost. Good to finally put this nonsense Vermont hacking story to bed,” tweeted Crowdstrike co-founder Dmitri Alperovitch.
Though FireEye was the company that first attributed the attack on the DNC to Russia, and has only grown more confident about the attribution with evidence discovered in the following months, Alperovitch is one of the cybersecurity experts critical of the joint report.
“No one should be making any attribution conclusions purely from the indicators in the USCERT report. It was all a jumbled mess,” he tweeted last week.