Study links North Korea to Sony hack and malware campaign
Cyber-security firms Kaspersky and Alienvault Labs announced at the Kaspersky Security Analyst Summit that they had uncovered new evidence linking the massive Sony Pictures hack of 2014 with an ongoing malware attack directed at South Korea. The security firms believe that the same group has perpetrated both attacks and, though they did not specify where the attacks were coming from, their evidence does point to the group most likely operating out of North Korea.
Kaspersky and Alienvault collected nearly 500 malware samples over the course of a year that they believed to be related and after analyzing them discovered a number of striking similarities. Beyond sharing common user agent lists and attack structures, the two campaigns used the same password for their respective “dropper” programs and the chances of that happening coincidentally are miniscule. What’s more, programs for both attacks were written in the Korean Hangul alphabet. There’s no word on what, if any, recourse either Sony or the South Koreans have at this point.