The Sony Hackers Are Alive And Still Hacking

The hack against Sony in late 2014 was sudden and loud. The perpetrators made themselves known with a red skull emblazoned on computer screens.

A few days later they began to leak what they claimed was more than 100 terabytes of stolen data, including damaging emails and sensitive employee data. The scorched earth attack left Sony crippled for months after the attackers also destroyed data and systems on their way out the digital door, rendering some Sony servers inoperable in a move that cost the company an estimated $35 million in IT infrastructure repairs.

But a month later, after the US government blamed North Korea for the hack and some observers began calling the breach an act of terrorism, the attackers suddenly went silent. Or did they?

According to new data released this week by Juan Andrés Guerrero-Saade, senior security researcher with Kaspersky Lab’s Global Research and Analysis Team, and Jaime Blasco who heads the Lab Intelligence and Research team at AlienVault Labs, the hackers behind the Sony breach are alive and well…and still hacking.

Or at least evidence uncovered from hacks of various entities after the Sony breach, including South Korea’s nuclear power plant operator and Samsung in South Korea, suggests this later activity has ties to the Sony case.

“They didn’t disappear…not at all,” Guerrero-Saade said during a presentation with Blasco recently at the Kaspersky Security Analyst Summit in Spain.

If true, it would mean the hackers who demonstrated an “extremely high” level of sophistication in the Sony attack have been dropping digital breadcrumbs for at least the last year, crumbs that researchers can now use to map their activity and see where they’ve been. The clues include—to name a few—re-used code, passwords, and obfuscation methods, as well as a hardcoded user agent list that showed up repeatedly in attacks, always with Mozilla consistently misspelled as “Mozillar.”

Wired: 

« AI Could Leave Half Of The World Unemployed
The Big Three: N. Korea, ISIS and CyberWar »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LRQA Nettitude

LRQA Nettitude

LRQA Nettitude is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace.

DCIT

DCIT

DCIT is a specialist in providing comprehensive consulting and auditing services in the field of information technology, PROVYS development software and security system AuditSquare.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

Taqnia Cyber

Taqnia Cyber

Taqnia Cyber specializes in the fields of cyber security, intelligence, operations, and training. It offers its services and consultations to both public and private sectors.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

Rhymetec

Rhymetec

Rhymetec are an industry leader in cloud security, providing innovative cybersecurity and data privacy services to the modern-day SaaS business.

HIFENCE

HIFENCE

HIFENCE delivers cybersecurity and networking services that make your company safer and more secure. That’s all we do, so you can concentrate on all the things that you do best.

Vigilant Ops

Vigilant Ops

Vigilant Ops is a leader in Software Bill of Materials (SBOM) Automation. A proactive approach to cybersecurity with continuous vulnerability monitoring.

Gleam Cloud Security Solutions (GCSS)

Gleam Cloud Security Solutions (GCSS)

GCSS Security is an information security firm providing cyber security protection with a highly skilled and experienced team focused on technology that creates best-in-class customer experiences.

Syteca

Syteca

Syteca is specifically designed to secure organizations against threats caused by insiders. It provides full visibility and control over internal risks.