Security experts uncover masterminds behind Sony Pictures hack

Operation Blockbuster backs up claims that North Korea is responsible

An investigation into the 2014 Sony hack has bolstered claims that North Korea was behind the attack.

The cybersecurity experts who mounted the investigation, dubbed Operation Blockbuster, found that the culprits, known as the Lazarus Group, have been active since at least 2009.

Analysts Novetta and 12 industry players, including Symantec, Kaspersky Lab, Trend Micro, AlienVault and Carbon Black, were behind the operation, which was "created with the intent to understand and potentially disrupt malicious tools and infrastructure" used by Lazarus Group.

"The [November 2014] attack against Sony Pictures Entertainment (SPE) was unprecedented in its media coverage and overt use of malicious destructive capabilities against a commercial entity," the report reads.

"[It] broke new ground not only as a destructive malware attack on a US commercial entity but also due to the fact that the US government attributed the attack to North Korea and enacted small reciprocal measures," it adds.

While Novetta said it could not definitively attribute Lazarus Group and its behaviour to any specific nation state or group, it did give the caveat that "the FBI's official attribution claims could be supported by our findings".

While the SPE attack caused headlines around the globe, the researchers discovered Lazarus Group had been active since at least 2009 and possibly since 2007.

In that time, the group, which the report says "appears to be comprised of developers and operators", developed and honed the malware used in the DarkSeoul 2013 attack, carried out a four-year-long cyber espionage campaign, attacked South Korean critical infrastructure and financial targets, took on the South Korean media and, ultimately, attacked Sony.

Protection against the attacks levied by Lazarus Group is difficult, according to the report, due to the level of sophistication involved. However, traffic monitoring, network segregation and educating employees not to fall victim to social engineering attacks are all helpful mitigation methods.

"While no effort can completely halt malicious operations, Novetta believes that these efforts can help cause significant disruption and raise operating costs for adversaries, in addition to profiling groups that have relied on secrecy for much of their success," the researchers added.
