North Korea continues cyber warfare against Sony

The Interview stars Seth Rogen and James Franco as journalists enlisted to kill Kim Jong-un.

For the past few weeks, entertainment giant Sony Pictures has seen its computers paralysed by a cyberattack that has published unreleased movies and thousands of confidential documents. While there is widespread suspicion that North Korea is behind the attack, its unprecedented level of sophistication is a harbinger of cyber conflicts to come.

The hack against Sony Pictures now appears to have entered new territory: employees have reportedly received messages threatening them and their families. The message warned, "not only you but your family will be in danger."

Sony's computer system was attacked in late November and gigabytes of data, including unreleased movies, were stolen and leaked online. Embarrassing hacks have hit other companies in recent years, but threatening employees is highly unusual and will put extra pressure on law enforcement to find those responsible.

The message purports to be from the Guardians of Peace, the group that has claimed responsibility for the Sony hack. It's written in patchy English and opens with further threats against Sony.

"Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan".

It then turns to Sony employees.

"Many things beyond imagination will happen at many places of the world. ... Please sign your name to object the false of the company at the email address below if you dont want to suffer damage. If you dont, not only you but your family will be in danger," the message reads.

The November attack crippled computers at Sony and led to upcoming films and workers' personal data being leaked online. The comedy The Interview, made by Sony Pictures, features James Franco and Seth Rogen as two journalists who are granted an audience with North Korean leader Kim Jong-un. The CIA then enlists the pair to assassinate him.

The film is due to be released over Christmas.

First Seth Rogen and James Franco, and now Princess Beatrice of York, have found themselves targets of the recent cyber attack on Sony. Details of the royal's pay were included in the latest document to be leaked by the anonymous hacker. It was revealed that the daughter of Prince Andrew, who is sixth in line to the British throne, earned a starting salary of $30,300 (£19,500) at the film company in her first year. Her position was listed as "Intermed Coord, Prod," or "intermediate coordinating producer", and her address was listed as Windsor, Berkshire. She has been working with Sony Pictures, it continued, since January.

Bureau 121 and GOP

North Korea has created a sophisticated cyber operation called Bureau 121, which has been known to attack South Korea. Now defectors from 121 have said that the Bureau in the North is responsible for the attack on Sony Pictures.

However, another group has been suggested as the attackers. Researchers at TrendLabs, part of TrendMicro, announced that they have identified the strain of malware used in the cyber attack against Sony Pictures, and they believe it to be from GOP (Guardians of Peace). GOP claims to be an independent hacking group whose actions and hacks are carried out for the purpose of people's rights.

There are therefore now two theories about the Sony Pictures hack. The first theory is that Guardians of Peace was given access to Sony's servers by a disgruntled employee, and the group's public statements seem to lead to this explanation.

The second theory is that Guardians of Peace is actually a group of hackers working for North Korea's Bureau 121, the collection of skilled hackers who regularly hack into networks in South Korea and the US. There's no proven link here, but security researchers have examined malware that could have been used by Guardians of Peace, and there are similarities with North Korean hacking tactics.

Sony Pictures is supporting the investigation conducted by the FBI and has hired FireEye Mandiant to improve its incident response activities. A few days after the attack, the FBI issued an alert to warn US businesses of a destructive strain of malware that had been used in an attack against a target in the US. Although the FBI memo doesn't explicitly mention Sony Pictures, security experts are convinced that the Federal Bureau of Investigation is referring to the attack on the entertainment company.

North Korea has denied hacking into the computer system at Sony Pictures in retaliation for the film The Interview, which depicts the country's leader, but has also praised the attack itself as a "righteous deed". It has described the film as an "act of terrorism" and an "act of war".

The FBI has now issued a general warning to businesses to be aware of highly destructive malware, in the wake of the recent attack on US film and TV producer Sony Pictures. It recently sent out a confidential five-page 'flash' warning to US businesses, alerting them to an attack using malware that overwrites all data on the hard drives of infected computers and prevents them from booting up.

Another potential case of government-against-government cyberwarfare involves Taiwan, which can also claim the dubious honor of being one of the most hacked, if not the most hacked, places in the world. The computers of its government, businesses and research centres are bombarded by attempts to infiltrate them to steal sensitive information, probe defences and explore their inner workings.

So hacked is Taiwan that employees of some government ministries are issued with two sets of computers - one connected to the internet, and a second that remains offline for security reasons.

Taiwanese cyber defence experts have even noticed correlations between attempts to intrude on Taiwan's networks and office hours in China: activity drops off during mainland China's national holidays. Taiwan estimates that China has 100,000 people at work in a national cyber army today.

These high-profile attacks signal a new era in the Internet age, in which the conflict will no longer be innocent consumers exploited by criminals, but nation against nation. The final verdict about who is behind these sophisticated attacks has yet to be delivered, but experts agree that the clues are hard to miss.

