Security experts uncover masterminds behind Sony Pictures hack

Operation Blockbuster backs up claims that North Korea is responsible

An investigation into the 2014 Sony hack has bolstered claims that North Korea was behind the attack.

The cybersecurity experts who mounted the investigation, dubbed Operation Blockbuster, found that the culprits, known as the Lazarus Group, have been active since at least 2009.

Analysts Novetta and 12 industry players, including Symantec, Kaspersky Lab, Trend Micro, AlienVault and Carbon Black, were behind the operation, which was "created with the intent to understand and potentially disrupt malicious tools and infrastructure" used by Lazarus Group.

"The [November 2014] attack against Sony Pictures Entertainment (SPE) was unprecedented in its media coverage and overt use of malicious destructive capabilities against a commercial entity," the report reads.


"[It] broke new ground not only as a destructive malware attack on a US commercial entity but also due to the fact that the US government attributed the attack to North Korea and enacted small reciprocal measures," it adds.

While Novetta said it could not definitively attribute Lazarus Group and its behaviour to any specific nation state or group, it did note that "the FBI's official attribution claims could be supported by our findings".

While the SPE attack caused headlines around the globe, the researchers discovered Lazarus Group had been active since at least 2009 and possibly since 2007.

In that time, the group, which the report says "appears to be comprised of developers and operators", developed and honed the malware used in the DarkSeoul 2013 attack, carried out a four-year-long cyber espionage campaign, attacked South Korean critical infrastructure and financial targets, took on the South Korean media and, ultimately, attacked Sony.

Protection against the attacks levied by Lazarus Group is difficult, according to the report, due to the level of sophistication involved. However, traffic monitoring, network segregation and educating employees not to fall victim to social engineering attacks are all helpful mitigation methods.

"While no effort can completely halt malicious operations, Novetta believes that these efforts can help cause significant disruption and raise operating costs for adversaries, in addition to profiling groups that have relied on secrecy for much of their success," the researchers added.
