Code Typo Helps Tie North Korea To The Sony hack

A security company in the U.S. has provided further evidence that last year’s devastating hacking attack on Sony Pictures Entertainment was carried out by a group with ties to North Korea.

Security firm CrowdStrike is among those who believe North Korea was the culprit, and on Tuesday it presented another piece of evidence to support that claim.

CrowdStrike said it found similarities between the malware used against Sony and a piece of destructive code deployed in 2013 by a group it calls Silent Chollima, which has already been linked to several attacks on South Korea and the U.S.

Parts of the code used in each attack are almost identical in their structure and functionality, CrowdStrike CTO Dmitri Alperovitch said during a webcast Tuesday in which he described how the Sony attack was carried out. The malware used in both attacks contains the same typographical error in the same place, spelling “security” as “secruity.”

The group that claimed responsibility for attacking Sony calls itself Guardians of Peace. Silent Chollima often uses different names during different attacks and may have done the same with Sony.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

One thought on “Code Typo Helps Tie North Korea To The Sony hack”

  • February 20, 2015 at 6:45 pm

    It may even be North Korea, but just concluding that on similarities in code and typos is just naive. Even my code could look like the one from Silent Chollima, and the typo could be something made on purpose by some third party, to attract attention to NK, cuz a group as big and powerful as Silent Chollima or The Guardians of Peace, with guts to hack one of the biggest companies, and for them to make mistakes such as those, sounds kinda sketchy. Just sayin… (I'm not pro north… or something)
