North Korea continues cyber warfare against Sony

The Interview stars Seth Rogen and James Franco as journalists enlisted to kill Kim Jong-un.

For the past few weeks, entertainment giant Sony Pictures has seen its computers paralysed by a cyberattack that has published unreleased movies and thousands of confidential documents. While there is widespread suspicion that North Korea is behind the attack, its unprecedented level of sophistication is a harbinger of cyber conflicts to come.

Now the hack against Sony Pictures appears to have entered new territory, with employees reportedly receiving messages threatening them and their families. The message warned, "not only you but your family will be in danger."

Sony's computer system was attacked in late November and gigabytes of data, including unreleased movies, were stolen and leaked online. Embarrassing hacks have hit other companies in recent years, but threatening employees is highly unusual and will put extra pressure on law enforcement to find those responsible.

The message purports to be from the Guardians of Peace, the group that has claimed responsibility for the Sony hack. It's written in patchy English and opens with further threats against Sony.

"Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan".

It then turns to Sony employees.

"Many things beyond imagination will happen at many places of the world. ... Please sign your name to object the false of the company at the email address below if you dont want to suffer damage. If you dont, not only you but your family will be in danger," the message reads.

The November attack crippled computers at Sony and led to upcoming films and workers' personal data being leaked online. The comedy The Interview, made by Sony Pictures, features James Franco and Seth Rogen as two journalists who are granted an audience with North Korean leader Kim Jong-Un. The CIA then enlists the pair to assassinate him.

The film is due to be released over Christmas.

After Seth Rogen and James Franco, Princess Beatrice of York has now found herself the target of the recent cyber attack on Sony. Details of the royal's pay were included in the latest document to be leaked by the anonymous hacker. It revealed that the daughter of Prince Andrew, who is sixth in line to the British throne, earned a starting salary of $30,300 (£19,500) at the film company in her first year. Her position was listed as "Intermed Coord, Prod," or "intermediate coordinating producer", and her address was listed as Windsor, Berkshire. The document added that she has been working with Sony Pictures since January.

Bureau 121 and GOP

North Korea has created a sophisticated cyber operation called Bureau 121, which has been known to attack South Korea. Now defectors from 121 have said that the Bureau in the North is responsible for the attack on Sony Pictures.

However, another group has also been suggested as the attackers. Researchers at TrendLabs, part of TrendMicro, announced that they have identified the strain of malware that was used in the cyber attack against Sony Pictures, and TrendLabs believes it to be from GOP (Guardians of Peace). GOP claims to be an independent hacking group whose actions and hacks are motivated by people's rights.

There are therefore now two theories about the Sony Pictures hack. The first theory is that Guardians of Peace was given access to Sony's servers by a disgruntled employee, and the group's public statements seem to lead to this explanation.

The second theory is that Guardians of Peace is actually a group of hackers working for North Korea's Bureau 121, the collection of skilled hackers who regularly hack into networks in South Korea and the US. There's no proven link here, but security researchers have examined malware that could have been used by Guardians of Peace, and there are similarities with North Korean hacking tactics.

Sony Pictures is supporting the investigation conducted by the FBI and has hired FireEye Mandiant to improve its incident response activities. A few days after the attack, the FBI issued an alert to warn US businesses of a destructive strain of malware that had been used in an attack against a target in the US. Although the FBI memo doesn't explicitly mention Sony Pictures, security experts are convinced that the Federal Bureau of Investigation is referring to the attack on the entertainment company.

North Korea has denied hacking into the computer system at Sony Pictures in retaliation for The Interview, a film depicting the country's leader, but has also praised the attack itself as a "righteous deed". It has described the film as an "act of terrorism" and an "act of war".

The FBI has also issued a general warning to businesses to be aware of highly destructive malware, in the wake of the recent attack on US film and TV producer Sony Pictures. It recently sent out a confidential five-page 'flash' warning to US businesses, alerting them to an attack using malware that overwrites all data on the hard drives of infected computers and prevents them from booting up.

Another example of potential government-against-government cyberwarfare comes from Taiwan, which can also claim the dubious honor of being one of the most hacked, if not the most hacked, places in the world. The computers of its government, businesses and research centres are bombarded by attempts to infiltrate them to steal sensitive information, probe defences and explore their inner workings.

So hacked is Taiwan that employees of some government ministries are issued with two sets of computers - one connected to the internet, and a second that remains offline for security reasons.

Taiwanese cyber defence experts have even noticed correlations between attempts to intrude on Taiwan's networks and office hours in China - activity drops off during mainland China's national holidays. Taiwan estimates China has 100,000 people at work in a national cyber army today.

These high profile attacks signal a new era in the Internet age where it will no longer be innocent consumers exploited by criminals, but nation against nation. The final verdict about who is behind these sophisticated attacks has yet to be delivered, but experts agree that the clues are hard to miss.
