FBI stated the North Korea hacked Sony Pictures, Pyongyang wants a joint investigation

An announcement by the FBI stated the North Korea hacked Sony Pictures, but Pyongyang refused accusations and offered support for the investigation.

The cyber attack against Sony Pictures is monopolizing the attention of the media, in particular, the problem of the attribution is hard to solve.

The FBI released the findings of its investigation that definitively indicate that North Korea was behind the cyberattack on Sony Pictures.

“As a result of our investigation, and in close collaboration with other US Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the FBI said Friday in a statement.

The US law enforcement suspect the involvement of North Korea’s Unit 121, which is the group of hackers working under the direction of the General Bureau of Reconnaissance.

Investigators have recognized the TTPs of North Korean state-sponsored hackers, the FBI confirmed in the official update provided in the Sony case. The FBI revealed many similarities between the wiper malware that infected the systems at Sony Pictures and other malicious code attributed to the North Korean cyber units. Below an excerpt from the FBI update:

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

– Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

– The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

-Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

The US authorities are very concerned by the possibility that similar attacks will hit other companies in the USA in the next months.

“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States,” read the FBI statement.

In response to the FBI update on the Sony Pictures hack, North Korea has refused the accusations and has proposed a joint investigation with the US law enforcement according to the state news agency, KCNA.

The North Korean authorities explained that they can prove the Government has nothing to do with the cyberattack on Sony Pictures. The statement reported by the KCNA also warns of “grave consequences” if the US refuses to cooperate in the investigation.

While FBI blames the North Korea that denies any involvement, a message claiming to be from the GOP, aka Guardians of Peace, taunted the Bureau.

“The result of investigation by FBI is so excellent that you might have seen what we were doing with your own eyes,” states the message posted to Pastebin. “We congratulate you success,’ continued the message. ‘FBI is the BEST in the world.”

The message announces further revelation for Christmas, a gift for its followers

“You will find the gift for FBI at the following address,’ read the message, including a link to a YouTube video titled ‘you are an idiot!”

to be continued …

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  Sony Pictures, North Korea)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

EvilVideo is a zero-day in the Telegram App for Android that allowed attackers to send…

5 hours ago

SocGholish malware used to spread AsyncRAT malware

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the…

15 hours ago

UK police arrested a 17-year-old linked to the Scattered Spider gang

Law enforcement arrested a 17-year-old boy from Walsall, U.K., for suspected involvement in the Scattered…

20 hours ago

Security Affairs Malware Newsletter – Round 3

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

2 days ago

Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

2 days ago

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and…

2 days ago

This website uses cookies.