The cyber attack against Sony Pictures is monopolizing the attention of the media, in particular, the problem of the attribution is hard to solve.
The FBI released the findings of its investigation that definitively indicate that North Korea was behind the cyberattack on Sony Pictures.
“As a result of our investigation, and in close collaboration with other US Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the FBI said Friday in a statement.
The US law enforcement suspect the involvement of North Korea’s Unit 121, which is the group of hackers working under the direction of the General Bureau of Reconnaissance.
Investigators have recognized the TTPs of North Korean state-sponsored hackers, the FBI confirmed in the official update provided in the Sony case. The FBI revealed many similarities between the wiper malware that infected the systems at Sony Pictures and other malicious code attributed to the North Korean cyber units. Below an excerpt from the FBI update:
As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
– Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
– The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
-Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
The US authorities are very concerned by the possibility that similar attacks will hit other companies in the USA in the next months.
“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States,” read the FBI statement.
In response to the FBI update on the Sony Pictures hack, North Korea has refused the accusations and has proposed a joint investigation with the US law enforcement according to the state news agency, KCNA.
The North Korean authorities explained that they can prove the Government has nothing to do with the cyberattack on Sony Pictures. The statement reported by the KCNA also warns of “grave consequences” if the US refuses to cooperate in the investigation.
While FBI blames the North Korea that denies any involvement, a message claiming to be from the GOP, aka Guardians of Peace, taunted the Bureau.
“The result of investigation by FBI is so excellent that you might have seen what we were doing with your own eyes,” states the message posted to Pastebin. “We congratulate you success,’ continued the message. ‘FBI is the BEST in the world.”
The message announces further revelation for Christmas, a gift for its followers
“You will find the gift for FBI at the following address,’ read the message, including a link to a YouTube video titled ‘you are an idiot!”
to be continued …
(Security Affairs – Sony Pictures, North Korea)