A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected on a laptop associated with a Vermont electric utility but not connected to the grid.
"We took immediate action to isolate the laptop and alerted federal officials of this finding," the Burlington Electric Department said in a statement.
"Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully."
The Department of Homeland Security alerted utilities on Thursday night (local time) about the malware code used in Grizzly Steppe, the Burlington Electric Department said.
"We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organisation's grid systems," it said.
President Barack Obama ordered the expulsion of 35 Russian suspected spies and imposed sanctions on two Russian intelligence agencies over their involvement in hacking US political groups in the 2016 presidential election.
The statement came after a Washington Post report that Russian hackers penetrated a Vermont utility.
Government and utility industry officials regularly monitor the nation's electrical grid because it is highly computerised and any disruptions can have disastrous implications for the functioning of medical and emergency services, the Post said.
A senior Obama administration official said the administration had sought in its sanctions announcement to alert "all network defenders" in the United States so they could "defend against Russian malicious cyber activity."
Russia is widely considered responsible by US officials and private-sector security experts for a December 2015 hack of Ukraine's power grid that knocked out the lights for about 250,000 people.
That hack prompted National Security Agency chief Mike Rogers to say at a conference in March that it was a "matter of when, not if" a cyber adversary carried out a similar attack against the United States.