North Korea continues cyber warfare against Sony

Uploaded on 2014-12-10 in INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, FREE TO VIEW, NEWS-News Analysis, TECHNOLOGY--Hackers

The Interview stars Seth Rogen and James Franco as journalists enlisted to kill Kim Jong-un.

For the past few weeks, entertainment giant Sony Pictures has seen its computers paralysed by a cyberattack that has published unreleased movies and thousands of confidential documents. While there is widespread suspicion that North Korea is behind the attack, its unprecedented level of sophistication is a harbinger of cyber conflicts to come.

Now the hack against Sony Pictures appeared to enter new territory when employees reportedly received messages threatening them and their families. The message warned, "not only you but your family will be in danger."

Sony's computer system was attacked in late November and gigabytes of data, including unreleased movies, were stolen and leaked online. Embarrassing hacks have hit other companies in recent years, but threatening employees is highly unusual and will put extra pressure on law enforcement to find those responsible.

The message purports to be from the Guardians of Peace, the group that has claimed responsibility for the Sony hack. It's written in patchy English and opens with further threats against Sony.

"Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan".

It then turns to Sony employees.

"Many things beyond imagination will happen at many places of the world. ... Please sign your name to object the false of the company at the email address below if you dont want to suffer damage. If you dont, not only you but your family will be in danger," the message reads.

The November attack crippled computers at Sony and led to upcoming films and workers' personal data being leaked online. The comedy The Interview, made by Sony Pictures, features James Franco and Seth Rogen as two journalists who are granted an audience with North Korean leader Kim Jong-Un. The CIA then enlists the pair to assassinate him.

The film is due to be released over Christmas. First Seth Rogen and James Franco and now Princess Beatrice of York has found herself the target of the recent cyber attack on Sony. Details of the royal’s pay were included in the latest document to be leaked by the anonymous hacker. It was revealed that the daughter of Prince Andrew, who is sixth in line to the British throne, earned a starting salary of $30,300 (£19,500) at the film company in her first year. Her position was listed as “Intermed Coord, Prod,” or “intermediate coordinating producer”, and her address was listed as Windsor, Berkshire.  She has been working with Sony Pictures, it continued, since January.

Bureau 121 and GOP

North Korea has created a sophisticated cyber operation called Bureau 121, which has been known to attack South Korea. Now defectors from 121 have said that the Bureau in the North is responsible for the attack on Sony Pictures.

However there is another group that has been suggested as the attackers. Researchers at TrendLabs, part of TrendMicro, announced that they have identified the strain of malware that was used in the cyber attack against Sony Pictures. And TrendLabs believe it to be from GOP (Guardians of Peace). GOP claim to be an independent hacking group who have people’s rights as their purpose for action and hacks.

There are therefore now two theories about the Sony Pictures hack. The first theory is that Guardians of Peace, was given access to the Sony's servers by a disgruntled employee, and the group's public statements seem to lead to this explanation.

The second theory is that Guardians of Peace is actually a group of hackers working for North Korea's Bureau 121, the collection of skilled hackers who regularly hack into networks in South Korea and the US. There's no proven link here, but security researchers have examined malware that could have been used by Guardians of Peace, and there are similarities with North Korean hacking tactics.

Sony Pictures is supporting the investigation conducted by the FBI and hired FireEye Mandiant to improve the incident response activities. A few days after the attack the FBI issued an alert to warn US businesses of a destructive strain of malware that had been utilized in an attack against a target in the US. Despite the FBI memo doesn’t explicitly mention Sony Pictures, but security experts are convicted that the Federal Bureau of Investigation is referring the attack on the entertainment company.

North Korea has denied hacking into the computer system at Sony Pictures in retaliation for a film The Interview depicting the country's leader, but has also praised the attack itself as a "righteous deed". It has described the film as an "act of terrorism and an “act of war”.

And now the FBI has issued a general warning to businesses to be aware of a highly destructive malware, in the wake of the recent attack on US film and TV producer Sony Pictures. And the FBI has recently sent out a confidential five-page ‘flash' warning to US businesses, alerting them to an attack using malware that overrides all data on the hard drives of the infected computers and prevents them from booting up.

Other potential government against government cyberwarfare comes from Taiwan, which can also claim the dubious honor of being one of the most hacked, if not the most hacked, places in the world. The computers of its government, businesses and research centres are bombarded by attempts to infiltrate them to steal sensitive information, probe defences and explore their inner workings.

So hacked is Taiwan that employees of some government ministries are issued with two sets of computers - one connected to the internet, and a second that remains offline for security reasons.

Taiwanese cyber defence experts have even noticed correlations between attempts to intrude on Taiwan's networks and office hours in China - activity drops off during main-land China's national holidays and Taiwan estimates China has 100,000 people at work in a national cyber army today.

These high profile attacks signal a new era in the Internet age where it will no longer be innocent consumers exploited by criminals, but nation against nation. The final verdict about who is behind these sophisticated attacks has yet to be delivered, but experts agree that the clues are hard to miss.

Examiner:    Computerworld:   Business Insider:   Ein News:    BBC:   Security Affairs:

Ein News:  SC Magazine:  Independent:

 

 

 

 

 

 

 

« A Major Cyberattack will happen in next Decade!
150 million cars will be connected to the Internet by 2020 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

Watch this webinar to discover how a WAF goes beyond a standard firewall and helps you meet security industry compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) is a service of DeIC (Danish e-Infrastructure Cooperation).

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

Wallarm

Wallarm

Wallarm offers an adaptive security platform including an integrated Web vulnerability scanner and NG-WAF solution with automatically generated security rules based on AI.

Vehere

Vehere

Vehere specialises in mission critical signals aquisition and analytics platform and cyber defence systems.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

CorkBIC International Security Accelerator

CorkBIC International Security Accelerator

CorkBIC International Security Accelerator invests in early stage disruptive companies in the security industry including, Cybersecurity, Internet of Things (IOT), Blockchain and AI.

iZOOlogic

iZOOlogic

iZOOlogic protects hundreds of the world’s leading brands, across banking, finance and government from cybercrime. We provide strong cyber defence solutions to protect client digital assets.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Area 1 Security

Area 1 Security

Area 1 is the only Pay-per-Phish solution in cyber security. And the only technology that blocks phishing attacks before they damage your business.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

Safetech Innovations

Safetech Innovations

Safetech Innovations is a team of cyber security experts, always at your service. We use human and cyber intelligence to help your business in uncertain times.

IronClad Encryption (ICE)

IronClad Encryption (ICE)

Ironclad Encryption is Dynamic Encryption. The encryption sequence changes continuously so there is never a correlation between data sent and data received.

Clearedin

Clearedin

Clearedin’s Cloud Security platform delivers 4 channels of phishing protection for all popular B2B software platforms: chat, email, collaboration, and file sharing.