North Korea continues cyber warfare against Sony

Uploaded on 2014-12-10 in TECHNOLOGY-Hackers, NEWS-News Analysis, FREE TO VIEW

The Interview stars Seth Rogen and James Franco as journalists enlisted to kill Kim Jong-un.

For the past few weeks, entertainment giant Sony Pictures has seen its computers paralysed by a cyberattack that has published unreleased movies and thousands of confidential documents. While there is widespread suspicion that North Korea is behind the attack, its unprecedented level of sophistication is a harbinger of cyber conflicts to come.

Now the hack against Sony Pictures appeared to enter new territory when employees reportedly received messages threatening them and their families. The message warned, "not only you but your family will be in danger."

Sony's computer system was attacked in late November and gigabytes of data, including unreleased movies, were stolen and leaked online. Embarrassing hacks have hit other companies in recent years, but threatening employees is highly unusual and will put extra pressure on law enforcement to find those responsible.

The message purports to be from the Guardians of Peace, the group that has claimed responsibility for the Sony hack. It's written in patchy English and opens with further threats against Sony.

"Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan".

It then turns to Sony employees.

"Many things beyond imagination will happen at many places of the world. ... Please sign your name to object the false of the company at the email address below if you dont want to suffer damage. If you dont, not only you but your family will be in danger," the message reads.

The November attack crippled computers at Sony and led to upcoming films and workers' personal data being leaked online. The comedy The Interview, made by Sony Pictures, features James Franco and Seth Rogen as two journalists who are granted an audience with North Korean leader Kim Jong-Un. The CIA then enlists the pair to assassinate him.

The film is due to be released over Christmas. First Seth Rogen and James Franco and now Princess Beatrice of York has found herself the target of the recent cyber attack on Sony. Details of the royal’s pay were included in the latest document to be leaked by the anonymous hacker. It was revealed that the daughter of Prince Andrew, who is sixth in line to the British throne, earned a starting salary of $30,300 (£19,500) at the film company in her first year. Her position was listed as “Intermed Coord, Prod,” or “intermediate coordinating producer”, and her address was listed as Windsor, Berkshire.  She has been working with Sony Pictures, it continued, since January.

Bureau 121 and GOP

North Korea has created a sophisticated cyber operation called Bureau 121, which has been known to attack South Korea. Now defectors from 121 have said that the Bureau in the North is responsible for the attack on Sony Pictures.

However there is another group that has been suggested as the attackers. Researchers at TrendLabs, part of TrendMicro, announced that they have identified the strain of malware that was used in the cyber attack against Sony Pictures. And TrendLabs believe it to be from GOP (Guardians of Peace). GOP claim to be an independent hacking group who have people’s rights as their purpose for action and hacks.

There are therefore now two theories about the Sony Pictures hack. The first theory is that Guardians of Peace, was given access to the Sony's servers by a disgruntled employee, and the group's public statements seem to lead to this explanation.

The second theory is that Guardians of Peace is actually a group of hackers working for North Korea's Bureau 121, the collection of skilled hackers who regularly hack into networks in South Korea and the US. There's no proven link here, but security researchers have examined malware that could have been used by Guardians of Peace, and there are similarities with North Korean hacking tactics.

Sony Pictures is supporting the investigation conducted by the FBI and hired FireEye Mandiant to improve the incident response activities. A few days after the attack the FBI issued an alert to warn US businesses of a destructive strain of malware that had been utilized in an attack against a target in the US. Despite the FBI memo doesn’t explicitly mention Sony Pictures, but security experts are convicted that the Federal Bureau of Investigation is referring the attack on the entertainment company.

North Korea has denied hacking into the computer system at Sony Pictures in retaliation for a film The Interview depicting the country's leader, but has also praised the attack itself as a "righteous deed". It has described the film as an "act of terrorism and an “act of war”.

And now the FBI has issued a general warning to businesses to be aware of a highly destructive malware, in the wake of the recent attack on US film and TV producer Sony Pictures. And the FBI has recently sent out a confidential five-page ‘flash' warning to US businesses, alerting them to an attack using malware that overrides all data on the hard drives of the infected computers and prevents them from booting up.

Other potential government against government cyberwarfare comes from Taiwan, which can also claim the dubious honor of being one of the most hacked, if not the most hacked, places in the world. The computers of its government, businesses and research centres are bombarded by attempts to infiltrate them to steal sensitive information, probe defences and explore their inner workings.

So hacked is Taiwan that employees of some government ministries are issued with two sets of computers - one connected to the internet, and a second that remains offline for security reasons.

Taiwanese cyber defence experts have even noticed correlations between attempts to intrude on Taiwan's networks and office hours in China - activity drops off during main-land China's national holidays and Taiwan estimates China has 100,000 people at work in a national cyber army today.

These high profile attacks signal a new era in the Internet age where it will no longer be innocent consumers exploited by criminals, but nation against nation. The final verdict about who is behind these sophisticated attacks has yet to be delivered, but experts agree that the clues are hard to miss.

Examiner:    Computerworld:   Business Insider:   Ein News:    BBC:   Security Affairs:

Ein News:  SC Magazine:  Independent:

 

 

 

 

 

 

 

« A Major Cyberattack will happen in next Decade!
Snowden’s Tips: Avoid Facebook And Google »

Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Aerohive Networks

Aerohive Networks

Aerohive is a leader in mobility & cloud-enabled wi-fi networking solutions with secure and flexible access for BYOD, IoT, and guest devices.

National Cybersecurity Institute (NCI)

National Cybersecurity Institute (NCI)

NCI is a research center dedicated to assisting government and industry meet the challenges in cybersecurity policy, technology and education.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

Mega

Mega

Mega is a secure cloud data storage provider with browser-based high-performance end-to-end encryption.

Komodo Consulting

Komodo Consulting

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

AnChain.AI

AnChain.AI

AnChain.AI's analytics platform proactively protects crypto assets by providing proprietary artificial intelligence, knowledge graphs, and threat intelligence on blockchain transactions.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.