Research reveals possible link between Sony hack and South Korean targets




Research by Juan Andrés Guerrero Saade, an employee at Kaspersky, has uncovered a possible link between the Sony hack of December 2014 and other attacks on a South Korean nuclear power station and on Samsung, which is also based in that country.

The news comes from an extensive report by Wired on the Kaspersky Security Analyst Summit on February 7. According to Guerrero Saade, the attacks on the South Korean nuclear power station and on Samsung, in December 2014 and October 2015 respectively, left traces that show similarities with the traces found at Sony after it was hacked. The researcher says the hackers used the same code, passwords and user agent list, and even made the same type of mistakes. Their code is also in Korean.

In the course of their investigation the researchers were able to identify several malware families, but that alone had not yet produced a link with the Sony hackers. Only when Kaspersky found that the exact same dropper was used for different malware families were they able to establish links between the attacks, including those on Sony, Samsung and the South Korean nuclear power station. In all cases the common dropper turned out to be protected with the same password.

Besides the common dropper, the hackers also turn out to use the same techniques repeatedly to cover their tracks. For instance, the hackers use a .bat file that erases all files used in the hack. This file then also deletes itself to complete the erasure of the tracks. Even though the files themselves may be permanently gone, evidence of the .bat file's existence is recorded in the logs of the infected machines. The researchers were able to focus on this as well.

Guerrero Saade intends to publish a paper with his findings on the subject, but says he is reluctant because he does not want to reveal too much about the methods he has developed. The more the hackers know about what Kaspersky knows, the more they will feel compelled to change their methods. Guerrero Saade calls the hackers ‘The Interviewers’, a reference to the film The Interview, released by Sony, which is set in North Korea. Nevertheless, the researcher refuses to definitively name North Korea as responsible, even though North Korea is South Korea's greatest enemy. At the moment he is only concerned with investigating the methods of the hackers, not who they are or where they come from. He does not rule out that further research will reveal links with hacks that are not focused on South Korea. The FBI was convinced of North Korean involvement in the Sony hack almost immediately.
