North Korean Sony Pictures Hackers Still Out There

Sony Pictures - The Interview

Nearly two years later and it’s still impossible to get a real gauge on what happened to Sony Pictures right before Thanksgiving 2014. For those unfamiliar with it, in short, the Hollywood studio was hit with a massive cyberattack involving what was claimed to be more than 100 terabytes of stolen data, including damaging emails and sensitive employee data. The scorched-earth attack left Sony crippled for months after the attackers also destroyed data and systems on their way out the digital door, rendering some Sony servers inoperable in a move that cost the company an estimated $35 million in IT infrastructure repairs.

While cyberattacks are unfortunately nothing new to us or Sony, this case was a bit interesting because, in addition to the massive damage that was done to Sony Pictures, including unreleased films leaking, the event was seen as severe enough for the US government to get involved. Specifically, the US blamed North Korea for the hack, and some observers began calling the breach an act of terrorism.

Eventually, the attacks would go dark and the whole thing became yesterday’s news. Except, it seems that not only did the hackers come from North Korea, but that they’ve been busy executing other attacks, including targeting South Korea’s nuclear power plant.


Kim Zetter writes:

According to new data released this week by Juan Andrés Guerrero-Saade, senior security researcher with Kaspersky Lab’s Global Research and Analysis Team, and Jaime Blasco who heads the Lab Intelligence and Research team at AlienVault Labs, the hackers behind the Sony breach are alive and well…and still hacking. Or at least evidence uncovered from hacks of various entities after the Sony breach, including South Korea’s nuclear power plant operator and Samsung in South Korea, suggests this later activity has ties to the Sony case.

So who are the attackers?

The researchers shied away from directly attributing them to North Korea, but in their presentation they called the attackers they were tracking The Interviewers, a clear reference to the Seth Rogen and James Franco comedy The Interview, which the US government says was the motive for North Korea to hack Sony.

One clue as to who’s been behind the attacks has been traces of Hangul.

In a campaign exposed last September, the attackers explicitly targeted vulnerabilities in Hangul, a word processing program made by a South Korean company and used extensively by the South Korean government. The so-called Hangman exploit the attackers created to exploit the Hangul software was used in a spear-phishing campaign to target someone working in South Korea’s nuclear industry. The attacks targeting the Hangul software have been attributed to North Korean actors by FireEye, the computer security firm that investigated the Sony hack in 2014.

The seeming focus on South Korea, and the connection to the Sony hack which has been attributed to North Korea, would seem to suggest that North Korea—South Korea’s greatest enemy—is behind all of these related attacks.

The whole read is quite fascinating – it’s less about Sony Pictures and placing blame, and instead focuses on the clues they’ve uncovered during their investigation. Ultimately, the whole thing still feels petty. Not to say that North Korea hasn’t committed cyberattacks, but them attacking Sony Pictures because of The Interview seems petty and more like an internal thing. To that point, I’m not even sure how you can steal 100TB of data. That would take days upon days to extract. Surely somebody would notice versus bringing some hard drives to work and dumping data that way.

Discuss:

Do you think North Korea was behind the Sony Pictures hack?

[Via Wired]