Last week, experts at TrendMicro provided the details of the wiper malware that infected the systems at Sony Picture, today experts at the firm AlienVault dissected a sample of the code identified with the information provided by the FBI.
The AlienVault’s labs director Jaime Blasco analyzed a sample of the malware that was detected by company’s honeypots, the malware was compiled between November 22th and 24th, a few days before the major attack against Sony Pictures.
The most interesting discovery that the experts made is that the wiper malware was compiled by a computer with Korean language text settings.
Despite the findings link the malware to North Korea, the Government of Pyongyang is denying any involvement in the cyber attack on Sony Pictures.
The analysis conducted by AlienVault provides further evidences for the involvement of North Korea hackers, highlighting that the source code was specifically designed to target the Sony Pictures. The strain of malware analyzed by Alien Vault used a simple login and password to gain access to corporate Sony Picture network, this circumstance suggests that the hackers have already targeted the company, for example stealing network credentials in a spear phishing attack.
AlienVault confirmed that the wiper malware once infected the victims has deleted any data on their hard drives, performed other malicious activities and displayed the GOP manifest.
The experts don’t exclude that the code was reused from preexisting wiper malware, but their analysis revealed that it was customized and deployed by Korean speaking hackers, and security community believe that experts of that country are directly linked to the central Government.
(Security Affairs – Sony Pictures, North Korea, wiper malware)