The Sony Hackers Are Alive And Still Hacking

Uploaded on 2016-02-24 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The hack against Sony in late 2014 was sudden and loud. The perpetrators made themselves known with a red skull emblazoned on computer screens.

A few days later they began to leak what they claimed was more than 100 terabytes of stolen data, including damaging emails and sensitive employee data. The scorched earth attack left Sony crippled for months after the attackers also destroyed data and systems on their way out the digital door, rendering some Sony servers inoperable in a move that cost the company an estimated $35 million in IT infrastructure repairs.

But a month later, after the US government blamed North Korea for the hack and some observers began calling the breach an act of terrorism, the attackers suddenly went silent. Or did they?

According to new data released this week by Juan Andrés Guerrero-Saade, senior security researcher with Kaspersky Lab’s Global Research and Analysis Team, and Jaime Blasco who heads the Lab Intelligence and Research team at AlienVault Labs, the hackers behind the Sony breach are alive and well…and still hacking.

Or at least evidence uncovered from hacks of various entities after the Sony breach, including South Korea’s nuclear power plant operator and Samsung in South Korea, suggests this later activity has ties to the Sony case.

“They didn’t disappear…not at all,” Guerrero-Saade said during a presentation with Blasco recently at the Kaspersky Security Analyst Summit in Spain.

If true, it would mean the hackers who demonstrated an “extremely high” level of sophistication in the Sony attack have been dropping digital breadcrumbs for at least the last year, crumbs that researchers can now use to map their activity and see where they’ve been. The clues include—to name a few—re-used code, passwords, and obfuscation methods, as well as a hardcoded user agent list that showed up repeatedly in attacks, always with Mozilla consistently misspelled as “Mozillar.”

Wired: 

« AI Could Leave Half Of The World Unemployed
The Big Three: N. Korea, ISIS and CyberWar »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Device Authority

Device Authority

Device Authority specialises in security automation for the Internet of Things (IoT).

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

ActiveNav

ActiveNav

ActiveNav provide dark data discovery solutions for compliance and information governance.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

WidePoint

WidePoint

WidePoint Corporation is an innovative provider of Trusted Mobility Management (TM2) solutions.

Team Secure

Team Secure

Team Secure provide Enterprise-grade Cyber Security consultancy, managed security services and cyber security staffing services.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

Varutra Consulting

Varutra Consulting

Varutra Consulting is an Cyber Security Consulting, Solutions and Training services firm, providing specialized security services for software, mobile and network.

Teleskope

Teleskope

Teleskope are on a mission to empower businesses to protect sensitive data by default.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.

EyBrids

EyBrids

As a forward-thinking cybersecurity consulting firm, we believe that robust security is the foundation for innovation and growth in today’s digital landscape.

Bastion Security Group

Bastion Security Group

Bastion Security combines the skills, expertise and leadership from Quantum Security, ZX Security, Helix Security and Cassini.