The Sony Hackers Are Alive And Still Hacking

The hack against Sony in late 2014 was sudden and loud. The perpetrators made themselves known with a red skull emblazoned on computer screens.

A few days later they began to leak what they claimed was more than 100 terabytes of stolen data, including damaging emails and sensitive employee data. The scorched earth attack left Sony crippled for months after the attackers also destroyed data and systems on their way out the digital door, rendering some Sony servers inoperable in a move that cost the company an estimated $35 million in IT infrastructure repairs.

But a month later, after the US government blamed North Korea for the hack and some observers began calling the breach an act of terrorism, the attackers suddenly went silent. Or did they?

According to new data released this week by Juan Andrés Guerrero-Saade, senior security researcher with Kaspersky Lab’s Global Research and Analysis Team, and Jaime Blasco who heads the Lab Intelligence and Research team at AlienVault Labs, the hackers behind the Sony breach are alive and well…and still hacking.

Or at least evidence uncovered from hacks of various entities after the Sony breach, including South Korea’s nuclear power plant operator and Samsung in South Korea, suggests this later activity has ties to the Sony case.

“They didn’t disappear…not at all,” Guerrero-Saade said during a presentation with Blasco recently at the Kaspersky Security Analyst Summit in Spain.

If true, it would mean the hackers who demonstrated an “extremely high” level of sophistication in the Sony attack have been dropping digital breadcrumbs for at least the last year, crumbs that researchers can now use to map their activity and see where they’ve been. The clues include, to name a few, reused code, passwords, and obfuscation methods, as well as a hardcoded user-agent list that showed up repeatedly in attacks, always with Mozilla misspelled as “Mozillar.”
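The misspelled user-agent token is the kind of low-cost indicator a defender can sweep historical web or proxy logs for. The following Python script is an added example and is not from the article or from the researchers it cites; it assumes logs in the Apache/nginx "combined" format, and the log lines embedded in it are constructed for illustration. It parses each line, flags any request whose user-agent product token reads "Mozillar/" instead of "Mozilla/", and tallies hits per source address so an analyst can see which hosts to pivot on.

```python
import re

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Feb/2016:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36"
198.51.100.7 - - [10/Feb/2016:08:14:05 +0000] "GET /update.php HTTP/1.1" 200 812 "-" "Mozillar/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
192.0.2.44 - - [10/Feb/2016:08:15:31 +0000] "POST /api/v1/login HTTP/1.1" 401 0 "-" "curl/7.47.0"
198.51.100.7 - - [10/Feb/2016:08:16:40 +0000] "GET /a.jpg HTTP/1.1" 200 2048 "-" "Mozillar/5.0 (Windows NT 6.1) Firefox/3.6"
"""

# Field layout of the combined log format: client, ident, user, [timestamp],
# "request", status, size, "referer", "user-agent".
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicator from the article: the product token is misspelled "Mozillar".
# Legitimate browsers send "Mozilla/<version>", so anchor on the token start
# to avoid matching the misspelling inside some unrelated substring.
MOZILLAR_RE = re.compile(r'(?:^|\s)Mozillar/', re.IGNORECASE)


def parse_combined(line):
    """Return a dict of fields for one combined-format line, or None if malformed."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def find_mozillar_hits(log_text):
    """Scan log text and return one record per request carrying the indicator."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_combined(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        if MOZILLAR_RE.search(rec["ua"]):
            hits.append({"line": lineno, "ip": rec["ip"], "ts": rec["ts"], "ua": rec["ua"]})
    return hits


def summarize_by_source(hits):
    """Count indicator hits per client address to rank hosts for triage."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_mozillar_hits(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']}: {h['ip']} at {h['ts']} sent UA {h['ua']!r}")
    print("hits per source:", summarize_by_source(found))
```

A single string indicator like this is cheap to check but also cheap for an adversary to change, so it is best treated as one signal among several (the reused passwords and obfuscation routines the article also mentions) rather than as attribution on its own.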

Wired: 

