North Korea continues cyber warfare against Sony

Uploaded on 2014-12-10 in INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

The Interview stars Seth Rogen and James Franco as journalists enlisted to kill Kim Jong-un.

For the past few weeks, entertainment giant Sony Pictures has seen its computers paralysed by a cyberattack that has published unreleased movies and thousands of confidential documents. While there is widespread suspicion that North Korea is behind the attack, its unprecedented level of sophistication is a harbinger of cyber conflicts to come.

Now the hack against Sony Pictures appeared to enter new territory when employees reportedly received messages threatening them and their families. The message warned, "not only you but your family will be in danger."

Sony's computer system was attacked in late November and gigabytes of data, including unreleased movies, were stolen and leaked online. Embarrassing hacks have hit other companies in recent years, but threatening employees is highly unusual and will put extra pressure on law enforcement to find those responsible.

The message purports to be from the Guardians of Peace, the group that has claimed responsibility for the Sony hack. It's written in patchy English and opens with further threats against Sony.

"Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan".

It then turns to Sony employees.

"Many things beyond imagination will happen at many places of the world. ... Please sign your name to object the false of the company at the email address below if you dont want to suffer damage. If you dont, not only you but your family will be in danger," the message reads.

The November attack crippled computers at Sony and led to upcoming films and workers' personal data being leaked online. The comedy The Interview, made by Sony Pictures, features James Franco and Seth Rogen as two journalists who are granted an audience with North Korean leader Kim Jong-Un. The CIA then enlists the pair to assassinate him.

The film is due to be released over Christmas. First Seth Rogen and James Franco and now Princess Beatrice of York has found herself the target of the recent cyber attack on Sony. Details of the royal’s pay were included in the latest document to be leaked by the anonymous hacker. It was revealed that the daughter of Prince Andrew, who is sixth in line to the British throne, earned a starting salary of $30,300 (£19,500) at the film company in her first year. Her position was listed as “Intermed Coord, Prod,” or “intermediate coordinating producer”, and her address was listed as Windsor, Berkshire.  She has been working with Sony Pictures, it continued, since January.

Bureau 121 and GOP

North Korea has created a sophisticated cyber operation called Bureau 121, which has been known to attack South Korea. Now defectors from 121 have said that the Bureau in the North is responsible for the attack on Sony Pictures.

However there is another group that has been suggested as the attackers. Researchers at TrendLabs, part of TrendMicro, announced that they have identified the strain of malware that was used in the cyber attack against Sony Pictures. And TrendLabs believe it to be from GOP (Guardians of Peace). GOP claim to be an independent hacking group who have people’s rights as their purpose for action and hacks.

There are therefore now two theories about the Sony Pictures hack. The first theory is that Guardians of Peace, was given access to the Sony's servers by a disgruntled employee, and the group's public statements seem to lead to this explanation.

The second theory is that Guardians of Peace is actually a group of hackers working for North Korea's Bureau 121, the collection of skilled hackers who regularly hack into networks in South Korea and the US. There's no proven link here, but security researchers have examined malware that could have been used by Guardians of Peace, and there are similarities with North Korean hacking tactics.

Sony Pictures is supporting the investigation conducted by the FBI and hired FireEye Mandiant to improve the incident response activities. A few days after the attack the FBI issued an alert to warn US businesses of a destructive strain of malware that had been utilized in an attack against a target in the US. Despite the FBI memo doesn’t explicitly mention Sony Pictures, but security experts are convicted that the Federal Bureau of Investigation is referring the attack on the entertainment company.

North Korea has denied hacking into the computer system at Sony Pictures in retaliation for a film The Interview depicting the country's leader, but has also praised the attack itself as a "righteous deed". It has described the film as an "act of terrorism and an “act of war”.

And now the FBI has issued a general warning to businesses to be aware of a highly destructive malware, in the wake of the recent attack on US film and TV producer Sony Pictures. And the FBI has recently sent out a confidential five-page ‘flash' warning to US businesses, alerting them to an attack using malware that overrides all data on the hard drives of the infected computers and prevents them from booting up.

Other potential government against government cyberwarfare comes from Taiwan, which can also claim the dubious honor of being one of the most hacked, if not the most hacked, places in the world. The computers of its government, businesses and research centres are bombarded by attempts to infiltrate them to steal sensitive information, probe defences and explore their inner workings.

So hacked is Taiwan that employees of some government ministries are issued with two sets of computers - one connected to the internet, and a second that remains offline for security reasons.

Taiwanese cyber defence experts have even noticed correlations between attempts to intrude on Taiwan's networks and office hours in China - activity drops off during main-land China's national holidays and Taiwan estimates China has 100,000 people at work in a national cyber army today.

These high profile attacks signal a new era in the Internet age where it will no longer be innocent consumers exploited by criminals, but nation against nation. The final verdict about who is behind these sophisticated attacks has yet to be delivered, but experts agree that the clues are hard to miss.

Examiner:    Computerworld:   Business Insider:   Ein News:    BBC:   Security Affairs:

Ein News:  SC Magazine:  Independent:

 

 

 

 

 

 

 

« A Major Cyberattack will happen in next Decade!
150 million cars will be connected to the Internet by 2020 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Pondurance

Pondurance

Pondurance is an IT Security and Compliance company providing services in Cyber Security, Continuity, Compliance and Threat Management.

PCI Pal

PCI Pal

PCI Pal’s secure cloud payment solutions are certified to the highest level of security by the leading card companies.

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

Untangle

Untangle

Untangle provides network security products designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations.

Fortra

Fortra

Fortra (formerly HelpSystems) is your cybersecurity ally, unified through the mission of providing solutions to organizations' seemingly unsolvable cybersecurity problems.

Six Degrees

Six Degrees

Six Degrees is a leading secure, integrated cloud services provider. We protect UK organisations and help them thrive in the cloud by giving them secure platforms to innovate and grow.

Armis

Armis

Armis offers the markets leading asset intelligence platform designed to address the new threat landscape that connected devices create.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

Crown Sterling

Crown Sterling

Crown Sterling delivers next generation software-based, AI-driven cryptography in the form of random number generators and encryption products.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

Advantio

Advantio

Advantio offers a unique combination of technologies and managed, advisory and testing services to increase your cyber resilience and compliance.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

Ekco

Ekco

Ekco is one of Europe’s leading managed cloud providers. With a network of infrastructure and security specialists across Europe, we’ve perfected our approach to supporting digital transformation.

Disecto Technologies

Disecto Technologies

At Disecto, we provide SaaS based Data Discovery, Classification and a remediation solution for data privacy compliance.

SFY Information Technology

SFY Information Technology

SFY helps companies with Cyber Security and Managed IT, allowing them to focus on what really matters to them.