Investigation reveals possible link between Sony hack and South Korean targets
An investigation by Juan Andrés Guerrero-Saade, a researcher at Kaspersky, has uncovered a possible link between the December 2014 Sony hack and other attacks on a South Korean nuclear power plant and on Samsung, which is also based in South Korea.
The news comes from a comprehensive Wired report on the February 7 Kaspersky Security Analyst Summit. According to Guerrero-Saade, the attacks on the South Korean nuclear power plant and on Samsung, in December 2014 and October 2015 respectively, left traces that show similarities with the traces found at Sony after it was hacked. The researcher says the hackers used the same code, passwords and user-agent list, and even made the same typos. Their code is also in Korean.
The researchers managed to map several malware families in their search, but initially found no connection with the Sony hackers. Only when Kaspersky discovered that the exact same dropper was being used for different malware families could they begin to connect the attacks on Sony, Samsung and the South Korean nuclear power plant, among others. The common dropper turned out to be protected with the same password in every case.
Beyond the common dropper, the hackers also appear to reuse the same techniques to cover their tracks. For example, they use a .bat file that erases all files used in the hack; afterwards, the file deletes itself to finish erasing the tracks. While the files themselves may be permanently gone, evidence that the .bat file existed remains in the logs of the infected machines, which gave the researchers another lead to focus on.
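The detection opportunity described above, as an added example that is not code from Kaspersky, Wired or the report: a batch script that wipes other files and then itself can be spotted by correlating a process-creation event that launches a .bat with a later file-deletion event for that same path. The event layout (numeric `id`, `cmdline`, `target`) is an assumed simplification modelled loosely on Sysmon-style process-creation and file-delete records, and the events are constructed sample data.

```python
import re

# Constructed sample events (not taken from the report). id 1 = process
# creation, id 23 = file deletion; field names are an assumed simplification.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\Users\Public\clean.bat"},
    {"id": 23, "target": r"C:\Users\Public\drop.exe"},     # payload wiped
    {"id": 23, "target": r"C:\Users\Public\clean.bat"},    # script wipes itself
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\Tools\backup.bat"},        # benign: never deleted
]

# Matches an absolute Windows path ending in .bat inside a command line.
BAT_RE = re.compile(r'([A-Za-z]:\\[^\s"]+\.bat)', re.IGNORECASE)


def find_self_deleting_batches(events):
    """Return one finding per .bat that was launched and later deleted.

    Each finding lists the script path and the files deleted between its
    launch and its own removal (the payload it wiped). Paths are compared
    case-insensitively because Windows file systems are.
    """
    findings = []
    running = {}  # lowercased .bat path -> files deleted since it started
    for ev in events:
        if ev["id"] == 1:
            match = BAT_RE.search(ev.get("cmdline", ""))
            if match:
                running[match.group(1).lower()] = []
        elif ev["id"] == 23:
            target = ev["target"].lower()
            if target in running:
                # The script itself was deleted: close it out as a finding.
                findings.append({"script": target, "wiped": running.pop(target)})
            else:
                # Attribute the deletion to every batch still running.
                for wiped in running.values():
                    wiped.append(target)
    return findings


if __name__ == "__main__":
    for hit in find_self_deleting_batches(SAMPLE_EVENTS):
        print(f"self-deleting batch {hit['script']} wiped {hit['wiped']}")
```

The benign `backup.bat` produces no finding because it is never deleted; only the script that removes itself after wiping another file is reported.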
Guerrero-Saade is considering publishing a paper detailing his findings, but says he is reluctant to divulge too much about the methods he developed: the more the hackers know about Kaspersky's knowledge, the more they will feel compelled to change their methods. Guerrero-Saade calls the hackers "The Interviewers," a reference to the Sony-released film The Interview, which is set in North Korea. Even so, the researcher refuses to definitively name North Korea as responsible, despite North Korea being South Korea's biggest enemy. For now he is concerned only with investigating the hackers' methodology, not with who they are or where they come from. He does not rule out that further investigation will reveal links to hacks that did not target South Korea. The US FBI, by contrast, was almost immediately convinced of North Korea's involvement in the Sony hack.