Sony Attackers Still Hacking South Korean Entities

February 12, 2016—Evidence gathered by Kaspersky Labs and AlienVault Labs’ security researchers suggest that the malicious actors behind the 2014 attack on Sony are still active and are still targeting South Korean entities. To date, the 2014 hack cost Sony $35 million in IT infrastructure repairs. During the attack, Sony servers were also unavailable, halting operations in several Sony offices worldwide.

While the experts attributed an “extremely high level of sophistication” because the malicious users kept changing their malware to avoid detection, some things were kept the same. Telltale signs such as passwords, smokescreen methods, re-used codes, and hardcoded user agent list provided the breadcrumbs, which enabled the researchers to conclude that, the more recent attacks on South Korea’s nuclear power plant and Samsung are related to the Sony hack.

The two researchers, Juan Andrés Guerrero-Saade (Kaspersky Lab) Jaime Blasco (AlienVault Labs), do not want to directly attribute the attacks to anyone but they do admit that whoever is behind them is focusing exclusively on South Korean targets.

Comments are closed.