‘Malware on US energy company laptop not from Russian state hackers’


A US government investigation shows that the malware recently found on the laptop of a power grid operator in the US state of Vermont did not come from Russian state hackers. The investigation began Friday.

The Washington Post, which also published the news about the malware last week, cites sources with knowledge of the investigation. The investigation revealed that malware was present on the laptop, but not that it was linked to the ‘Grizzly Steppe’ spear phishing campaign, which targeted the Democratic party. It is said to be malware distributed by a common exploit kit called Neutrino, which is used by internet criminals.

It is not yet clear how the malware ended up on the laptop via the exploit kit, the newspaper continues. An employee may have connected to a suspicious IP address when trying to view his Yahoo email. Initially, the malware was attributed to the Grizzly Steppe campaign, which was named in an FBI report released last week. In a later message, the energy company said it concerned ‘suspicious internet traffic’. The newspaper writes that the FBI report caused a lot of confusion. As a result, it received a lot of criticism from security experts.

The confusion is said to have arisen, among other things, because the report is very broad and does not contain specific information. For example, it included a list of suspicious IP addresses, but those alone would not be enough to identify a responsible party. This is because the same addresses can be used by many different parties, an expert explains to the newspaper. A government official defends the report, saying that “this is exactly the kind of information the government should share because the security capabilities of companies and organizations vary widely.”
