Story quickly falls apart after an investigation finds the claims to be inaccurate.
The Washington Post reported Friday that the U.S. power grid had been hacked by the same Russian actors accused of breaching the DNC – the only problem: the grid wasn’t hacked.
According to the report, malicious “code” associated with Grizzly Steppe, the name given to Russian hacking operations by the Obama administration, was found within the system of a utility company in Virginia.
“While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid,” the article states.
The code, which was not specifically identified by the Post, was released by the FBI and DHS in a Joint Analysis Report (JAR) Thursday regarding the “tools and infrastructure” of the accused Russian hackers. The report provided a way for network administrators to examine their systems for malicious activity and other Indicators of Compromise (IOCs).
As the news stirred fear among Americans across social media, members of the cybersecurity community immediately questioned the validity of the report.
Matt Tait, a former member of GCHQ, the UK’s NSA equivalent, quickly noted that attribution, the process of discovering “whodunnit,” would almost certainly not be accomplished in less than 24 hours.
Treat this story with a whole boatload of caution. No way a proper assessment has been done in < 1 day. https://t.co/303FDxkBko
— Pwn All The Things (@pwnallthethings) December 31, 2016
John Hultquist, who has spent a decade tracking cyber espionage threats for both the government and private sector, noted that Russian operators had previously infiltrated the grid, making it possible that the discovered code was a “lingering infection.”
Sandworm was found in US grid before and this could be lingering infection found with recently released info. https://t.co/uiugDGBlxa
— John Hultquist (@JohnHultquist) December 31, 2016
The IOCs, while important for detecting possible intrusions, will likely produce numerous false positives in the near future.
Robert M. Lee, CEO and founder of cybersecurity company Dragos, which specializes in threats facing critical infrastructure, also noted that the IOCs included “commodity malware,” or hacking tools that are widely available for purchase.
1. No they did not penetrate the grid. 2. The IOCs contained commodity malware – can't attribute based off that alone. https://t.co/AMNMVzFpFW
— Robert M. Lee (@RobertMLee) December 31, 2016
No evidence at this time connects the malware to Russia or any recent hacking campaigns.
Please follow SGT Report on Twitter & help share the message.