Categories: Cyber CrimeCyber warfareMalware

The wiper malware that hit Sony Picture was written in Korean

Security experts at AlienVault discovered further elements of the wiper malware used for the attack on Sony Pictures that link it to North Korean hackers.

New evidence has emerged from the investigation on the clamorous cyber attack against the Sony Pictures, experts at Alien Vault provided further elements to link the attack to the North Korea.

Last week, experts at TrendMicro provided the details of the wiper malware that infected the systems at Sony Picture, today experts at the firm AlienVault dissected a sample of the code identified with the information provided by the FBI.

The AlienVault’s labs director Jaime Blasco analyzed a sample of the malware that was detected by company’s honeypots, the malware was compiled between November 22th and 24th, a few days before the major attack against Sony Pictures.

The most interesting discovery that the experts made is that the wiper malware was compiled by a computer with Korean language text settings.

Despite the findings link the malware to North Korea, the Government of Pyongyang is denying any involvement in the cyber attack on Sony Pictures.

The analysis conducted by AlienVault provides further evidences for the involvement of North Korea hackers, highlighting that the source code was specifically designed to target the Sony Pictures. The strain of malware analyzed by Alien Vault used a simple login and password to gain access to corporate Sony Picture network, this circumstance suggests that the hackers have already targeted the company, for example stealing network credentials in a spear phishing attack.

AlienVault confirmed that the wiper malware once infected the victims has deleted any data on their hard drives, performed other malicious activities and displayed the GOP manifest.

The experts don’t exclude that the code was reused from preexisting wiper malware, but their analysis revealed that it was customized and deployed by Korean speaking hackers, and security community believe that experts of that country are directly linked to the central Government.

Pierluigi Paganini

(Security Affairs – Sony Pictures, North Korea, wiper malware)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.