The Washington Post first reported the finding, suggesting that Russian hackers had gained access to the electrical grid via the Vermont utility, however the company's statement says there's no indication that happened. In a statement, it said the laptop in question was not connected to grid systems. Vermont Public Service Commissioner Christopher Recchia told the Burlington Free Press that the grid was not in danger.

Because it's not clear exactly what matched, there's a possibility that it could be the result of a false positive, or shared code. Also, it's not clear when or how the malware got on the laptop. Based on those reasons, a number of security professionals on Twitter suggested waiting for more details before crediting this finding to Grizzly Steppe (a name attributed to the Russian attacks in Wednesday's report).

So far, no other utilities or agencies have reported anything similar, but we will update this post if more information comes to light.

Update (1/3): The Burlington Electric Department issued a followup statement, in which it changes the description of what has been identified. Now it refers to the findings as "suspicious internet traffic," and says that "Federal officials have indicated that this specific type of Internet traffic also has been observed elsewhere in the country and is not unique to Burlington Electric."

The Washington Post has a new article as well, admitting that its initial assertion about the grid being penetrated was inaccurate. According to the paper's sources, government investigators found evidence of a "Neutrino" software package used to deliver malware on the laptop, which does not appear to be connected to Grizzly Steppe.