New evidence has emerged from the investigation on the clamorous cyber attack against the Sony Pictures, experts at Alien Vault provided further elements to link the attack to the North Korea.
Last week, experts at TrendMicro provided the details of the wiper malware that infected the systems at Sony Picture, today experts at the firm AlienVault dissected a sample of the code identified with the information provided by the FBI.
The AlienVault’s labs director Jaime Blasco analyzed a sample of the malware that was detected by company’s honeypots, the malware was compiled between November 22th and 24th, a few days before the major attack against Sony Pictures.
The most interesting discovery that the experts made is that the wiper malware was compiled by a computer with Korean language text settings.
Despite the findings link the malware to North Korea, the Government of Pyongyang is denying any involvement in the cyber attack on Sony Pictures.
The analysis conducted by AlienVault provides further evidences for the involvement of North Korea hackers, highlighting that the source code was specifically designed to target the Sony Pictures. The strain of malware analyzed by Alien Vault used a simple login and password to gain access to corporate Sony Picture network, this circumstance suggests that the hackers have already targeted the company, for example stealing network credentials in a spear phishing attack.
AlienVault confirmed that the wiper malware once infected the victims has deleted any data on their hard drives, performed other malicious activities and displayed the GOP manifest.
The experts don’t exclude that the code was reused from preexisting wiper malware, but their analysis revealed that it was customized and deployed by Korean speaking hackers, and security community believe that experts of that country are directly linked to the central Government.
(Security Affairs – Sony Pictures, North Korea, wiper malware)
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.