


What’s in a typo? More evidence tying North Korea to the Sony hack

A security company in the U.S. has provided further evidence that last year's devastating hacking attack on Sony Pictures Entertainment was carried out by a group with ties to North Korea.

The FBI has already named North Korea as the source of the attack, but some security experts have been skeptical, in part because the FBI didn't disclose all the details of its investigation.

Security firm CrowdStrike is among those who believe North Korea was the culprit, and on Tuesday it presented another piece of evidence to support that claim.

CrowdStrike said it found similarities between the malware used against Sony and a piece of destructive code deployed in 2022 by a group it calls Silent Chollima, which has already been linked to separate attacks on South Korea and the U.S.

Similarities in malware code used by Silent Chollima in 2022 and the Sony attacks last year

Parts of the code used in each attack are almost identical in their structure and functionality, CrowdStrike CTO Dmitri Alperovitch said during a webcast Tuesday in which he described how the Sony attack was carried out. (A replay will be available here.)

What's more, he said, the malware used in both attacks contains the same typo in the same place, spelling "security" as "secruity."

CrowdStrike had already identified similarities between attacks by Silent Chollima and the one on Sony, including the use of destructive "wiper" malware and the way that code was deployed. But it hadn't described the similarities in the code itself.

The similarities are in a part of the malware that's used to spread the code through a network. The part that does the data-wiping is considerably more advanced in the malware used against Sony, Alperovitch said, suggesting it was a later version of the same program.

Malware sometimes gets shared and reused in underground forums, but the source code for the 2022 attack and the Sony attack hasn't been released publicly, Alperovitch said. So it's conceivable that another group of hackers could have reverse-engineered the Silent Chollima code and reproduced it exactly, right down to the typo.

"Once you go through so many 'ifs' and 'buts,' it makes it highly implausible," he said.

The message Sony Pictures employees saw when they got to work Nov. 24

The group that claimed responsibility for attacking Sony calls itself Guardians of Peace. Silent Chollima often uses different names during different attacks and may have done the same with Sony.

Other security companies, including Symantec, also have linked the Sony attack to North Korea.

"We're merely providing more details and additional evidence to tighten the case," Alperovitch said.

"There's been a great deal of questions about the attribution for this case, and more public proof will help people make up their own minds about who's truly responsible," he said.

In December, the FBI publicly blamed North Korea for the attack, which led to reams of company data being published on the Web, including executives' emails and salary data, as well as unreleased movies.

Source: https://www.pcworld.com/article/431927/whats-in-a-typo-more-evidence-tying-north-korea-to-the-sony-hack.html

Posted by: berrynough1996.blogspot.com
