Security experts uncover masterminds behind Sony Pictures hack

Operation Blockbuster backs up claims that North Korea is responsible

An investigation into the 2014 Sony hack has bolstered claims that North Korea was behind the attack.

The cybersecurity experts who mounted the investigation, named Operation Blockbuster, found that the culprits, dubbed the Lazarus Group, have been active since at least 2009.

Analysts Novetta and 12 industry players, including Symantec, Kaspersky Lab, Trend Micro, AlienVault and Carbon Black, were behind the operation, which was "created with the intent to understand and potentially disrupt malicious tools and infrastructure" used by Lazarus Group.

"The [November 2014] attack against Sony Pictures Entertainment (SPE) was unprecedented in its media coverage and overt use of malicious destructive capabilities against a commercial entity," the report reads.

"[It] broke new ground not only as a destructive malware attack on a US commercial entity but also due to the fact that the US government attributed the attack to North Korea and enacted small reciprocal measures," it adds.

While Novetta said it could not definitively attribute Lazarus Group and its behaviour to any specific nation state or group, it did give the caveat that "the FBI's official attribution claims could be supported by our findings".

While the SPE attack made headlines around the globe, the researchers discovered Lazarus Group had been active since at least 2009 and possibly since 2007.

In that time, the group, which the report says "appears to be comprised of developers and operators", developed and honed the malware used in the DarkSeoul 2013 attack, carried out a four-year-long cyber espionage campaign, attacked South Korean critical infrastructure and financial targets, took on the South Korean media and, ultimately, attacked Sony.

Protection against the attacks mounted by Lazarus Group is difficult, according to the report, due to the level of sophistication involved. However, traffic monitoring, network segregation and educating employees not to fall victim to social engineering attacks are all helpful mitigation methods.

"While no effort can completely halt malicious operations, Novetta believes that these efforts can help cause significant disruption and raise operating costs for adversaries, in addition to profiling groups that have relied on secrecy for much of their success," the researchers added.
