Lazarus Group Was Responsible For The Sony Pictures Hack In 2014
In 2014, some anonymous hackers targeted and attacked the Sony Pictures Entertainment, and in order to analyze and disrupt the activities of that threat group, many security firms have teamed up.
On the activities of an actor that they have dubbed the Lazarus Group, a reports have been published by firms like Symantec, Kaspersky Lab, Novetta and AlienVault on Wednesday. According to those reports, more than 45 families of malware's have been analyzed, that helps to easily find a connection between several major attacks by the researchers of the firms.
From the past 2007, The Lazarus Group has conducted so many attacks whose purpose was to destroy the data and disrupt the system and along with that, they have also conducted so many cyber espionage operations.
After the analysis of samples of malware, it has been found that numerous attacks have been conducted by the Lazarus Group. Among them, there was one that shamed and crippled Sony in 2014. Along with that the other attacks including:
- Attacks on Manufacturing and financial organizations primarily located in South Korea and the United States.
- Attacks on Military.
- Attacks on government and media too.
- Dark Seoul and Operation Troy campaigns.
In Malaysia, China, India, Taiwan, Brazil, Mexico, Turkey, Saudi Arabia, Iran and Vietnam and in many more countries Victims have been spotted.
Victims of Lazarus Group
According to some factors like similarities in the attackers, code shared between several malicious tools and the methods that has been used by them to wipe and evade detection by security tools, Researchers were able to connect the campaigns to Lazarus.
The links between Destover, the DarkSeoul malware and the wiper used in Sony attack all have been found by the Experts, but they are not able to find any evidence associated with the same malware developers.
According to the researchers, same password has been used by the attackers which is hardcoded inside the dropper in every campaign. And this provided the information to researchers needed for identifying operations of Lazarus.
North Korea has been pointed out by the U.S government behind the Sony attack, but they always denied against such kind of actions. Pyongyang has been blamed by the South Korea for the malicious campaigns that target the country.
According to the reports, it's not directly mentioned that North Korea was responsible, but there are some evidences that shows that probably it was North Korea who was responsible for the Sony attack. Evidences that were mentioned in reports were like that- The working hours in which the threat actors compiled the malicious tools was associated with the GMT+8 and GMT+9 time zones, which matches North Korea. Most of the Lazarus samples have been the PE resource with Korean language.
Jaime Blasco (chief scientist at AlienVault) said that,
“This actor has the necessary skills and determination to perform cyberespionage operations with the purpose of stealing data or causing damage. Combining that with the use of disinformation and deception techniques, the attackers have been able to successfully launch several operations over the last few years,”
If you want to know more about Technical details then you can go through the reports published by the firm AlienVault, Kaspersky, Symantec and Novetta.