Researchers discover tools that were used in Sony Pictures hack




Researchers have found new tools within the Destover malware that provide insight into how hackers managed to penetrate a year ago at the Sony Pictures servers inside. The two tools are able to fake timestamps and adapt to logs.

Researchers from the US cyber security firm Damballa discovered the tools, called setMFT and afset in a recent sample of the Destover malware, which was used in the Sony Pictures- hack. According to the researchers, the two files at the time of the hack were reported, but no further associated with Destover. The tools help to go unnoticed in the network and spreading within the same network.

SetMFT is able to falsify timestamps of files so make sure that does not stand a newly introduced file among the other files on the server. In this way, simple file scans and security staff carrying out manual checks, to deceive. A more thorough check would, however, reveal that the timestamps of the files do not match write data and log files. The tools use a driver that also Destover self employed.

Destover afset The second tool, afset is also able to also adjust timestamps and enables Windows logs wiping based on criteria such as id and time. In this way, the write operations of the malware files can be disguised. Although according to Damballa with a complete analysis of the system and the presence of traces afset and setMFT can be found, the tools provide an attacker have more than enough time to do its work.

Sony Pictures was in November of 2014 hacked by a group calling itself Guardians of Peace. The attackers had email addresses, passwords, documents and financial data captured. They also have movies won by Sony Pictures and published. The emails and documents were distributed by WikiLeaks earlier this year. In total, concerned the data of 47,000 employees of the company. According to the US government North Korea was behind the hack.


In: A Technology & Gadgets Asked By: [21358 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »