Security experts uncover masterminds behind Sony Pictures hack

Operation Blockbuster backs up claims that North Korea is responsible

An investigation into the 2014 Sony hack has bolstered claims that North Korea was behind the attack.

The cybersecurity experts who mounted the investigation, dubbed Operation Blockbuster, found that the culprits, dubbed the Lazarus Group, have been active since at least 2009.

Analysts at Novetta and 12 industry players, including Symantec, Kaspersky Lab, Trend Micro, AlienVault and Carbon Black, were behind the operation, which was "created with the intent to understand and potentially disrupt malicious tools and infrastructure" used by Lazarus Group.

"The [November 2014] attack against Sony Pictures Entertainment (SPE) was unprecedented in its media coverage and overt use of malicious destructive capabilities against a commercial entity," the report reads.

"[It] broke new ground not only as a destructive malware attack on a US commercial entity but also due to the fact that the US government attributed the attack to North Korea and enacted small reciprocal measures," it adds.

While Novetta said it could not definitively attribute Lazarus Group and its behaviour to any specific nation state or group, it did give the caveat that "the FBI's official attribution claims could be supported by our findings".

While the SPE attack caused headlines around the globe, the researchers discovered Lazarus Group had been active since at least 2009 and possibly since 2007.

In that time, the group, which the report says "appears to be comprised of developers and operators", developed and honed the malware used in the DarkSeoul 2013 attack, carried out a four-year-long cyber espionage campaign, attacked South Korean critical infrastructure and financial targets, took on the South Korean media and, ultimately, attacked Sony.

Protection against the attacks levied by Lazarus Group is difficult, according to the report, due to the level of sophistication involved. However, traffic monitoring, network segregation and educating employees not to fall victim to social engineering attacks are all helpful mitigation methods.

"While no effort can completely halt malicious operations, Novetta believes that these efforts can help cause significant disruption and raise operating costs for adversaries, in addition to profiling groups that have relied on secrecy for much of their success," the researchers added.
