Researchers analyze destructive malware used in Sony hack
Who is behind the Sony Pictures Entertainment hack, and how extensive is it? These are two questions to which we still don’t know the answers, but new leaks and hints are popping up every day.
According to Forbes contributor Thomas Fox-Brewster, even Troels Oerting, director of the European Cyber Crime Centre (EC3), seems to believe that the attackers are likely North Korean.
On the other hand, alleged members of the Guardians of Peace hacking group have apparently spoken up on several occasions, citing inequality and the company’s greed as the main reasons behind the attack.
In the meantime, the published documents stolen from Sony Pictures were found to also include some financial records of auditing and consulting giant Deloitte. These records were apparently compiled to compare Deloitte employees’ salaries by race, gender, and job position, in order to determine whether there was racial or gender-based compensation discrimination within the company.
The documents purportedly date back to 2005 and come from a single computer belonging to a Sony Pictures employee who previously worked for Deloitte. Deloitte has stated that it has yet to confirm their veracity.
It’s still unclear how the attackers managed to find their way inside Sony Pictures’ networks and systems, and whether they have destroyed data as well as stolen it. There is also speculation that the attackers had inside help.
Trend Micro researchers have analyzed a sample of the destructive malware described in the FBI alert issued on Tuesday, but it has still not been officially confirmed that this malware is the same one that was used by the Sony Pictures attackers. Still, one variant of the malware drops a BMP file in the target system’s Windows directory, and it is the same wallpaper/warning that welcomed the company’s employees when they tried to use their computers on November 24.
Sean Gallagher has more in-depth information about the malware and things companies can do to spot it before it wipes their computers.