Sony Hackers Still Alive and Hacking
Posted by: Timothy Weaver on 02/17/2016 10:46 AM
According to security researchers from Kaspersky Lab and AlienVault Labs, the hackers behind the 2014 Sony hack are alive and still hacking.
Juan Andrés Guerrero-Saade, senior security researcher at Kaspersky, and Jaime Blasco, head of the intelligence and research team at AlienVault, have been gathering evidence that purports to show that the same hackers are still victimizing users. The pair detail a number of links between the Sony attack and subsequent attacks against organizations in South Korea.
The researchers are not sure that the hackers are North Korean operatives. They collected 400 to 500 malware samples over the course of a year and analyzed these and other clues.
Attack attributes such as code reuse and shared techniques and practices were not enough on their own to establish that all the samples came from the same group. The clincher came when the researchers found a dropper that was used in multiple attacks to drop different payloads: the droppers not only used very similar code but also unlocked their resource base using the same password.
The researchers also found that the attackers in all cases used a .BAT file to automatically erase traces of their incursions, a move which left telltale signs on the affected systems.
Other clues they gathered included a shared blacklist of sandbox applications and snippets of code in Korean.
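As an added illustration (not from the article or the researchers' tooling) of why a shared resource password was treated as the clincher while code reuse alone was not, the following clusters constructed sample metadata so that only a hard link can join two samples and the soft attributes merely corroborate. The sample values, attribute names and weights are assumptions.

```python
from collections import defaultdict

# Constructed sample metadata standing in for the pivots the researchers used:
# dropper code family, the password protecting the dropper's resource base,
# a fingerprint of the sandbox blacklist, and whether a .BAT cleanup was seen.
# Every value below is invented for this example.
SAMPLES = {
    "s1": {"code_family": "dropperA", "resource_pw": "pw-alpha", "sandbox_list": "bl-1", "bat_cleanup": True},
    "s2": {"code_family": "dropperA", "resource_pw": "pw-alpha", "sandbox_list": "bl-1", "bat_cleanup": True},
    "s3": {"code_family": "dropperB", "resource_pw": "pw-alpha", "sandbox_list": "bl-2", "bat_cleanup": False},
    "s4": {"code_family": "dropperA", "resource_pw": "pw-beta",  "sandbox_list": "bl-1", "bat_cleanup": True},
    "s5": {"code_family": "dropperC", "resource_pw": "pw-gamma", "sandbox_list": "bl-3", "bat_cleanup": False},
}

# A shared resource password is a hard link; code family, sandbox blacklist and
# the .BAT cleanup habit are soft and can at most corroborate. The weights are
# chosen so that all soft attributes together (3) stay below the threshold (4).
WEIGHTS = {"resource_pw": 4, "code_family": 1, "sandbox_list": 1, "bat_cleanup": 1}
LINK_THRESHOLD = 4


def link_score(a, b):
    """Sum the weights of attributes two samples share.
    bat_cleanup only counts when both samples actually used a cleanup script."""
    score = 0
    for attr, weight in WEIGHTS.items():
        if attr == "bat_cleanup":
            if a[attr] and b[attr]:
                score += weight
        elif a[attr] == b[attr]:
            score += weight
    return score


def cluster(samples, threshold=LINK_THRESHOLD):
    """Union-find over all sample pairs whose link score meets the threshold.
    Returns a sorted list of sorted member lists."""
    parent = {sid: sid for sid in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    ids = list(samples)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if link_score(samples[a], samples[b]) >= threshold:
                parent[find(a)] = find(b)
    groups = defaultdict(list)
    for sid in ids:
        groups[find(sid)].append(sid)
    return sorted(sorted(members) for members in groups.values())
```

With these inputs s4 shares every soft attribute with s1 yet stays unlinked, while s3 joins the s1/s2 cluster on the password alone.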
Source: SCMagazine