Last week’s breach of Sony Pictures Entertainment networks and the disabling of employees’ computers was likely the incident that spurred the FBI to release a “flash” warning to US businesses on Monday, alerting them to a particularly destructive piece of malware wielded by as yet unknown attackers.
According to Reuters, the warning included the malware’s technical details and instructions on how to protect company networks and computers from it, and listed its capabilities: overwriting of all the data on hard drives, including their MBR, and making it impossible for computers to boot up again.
The alert didn’t mention Sony Pictures Entertainment, but it’s widely known that the company involved the FBI and the DHS in the investigation of the attack that crippled their systems. They have also hired US cybersecurity firm Mandiant to help them clean up and restore the systems.
In the wake of the attack, the attackers have leaked on file-sharing sites some confidential data they apparently stole from the company, as well as a number of Sony’s new (officially unreleased) movies.
According to some sources, the malware is similar to that used in attacks against targets in South Korea and the Middle East (Aramco), widely believed to have been carried out by North Korean and Iranian attackers.
This gave rise to speculation that North Koreans are behind the Sony Pictures Entertainment hack, as the company is getting ready to release a comedy about two journalists/CIA recruits planning to assassinate Kim Jong Un, the North Korean leader.
The FBI warning also notes that parts of the malware have been compiled in Korean.