Code Typo Helps Tie North Korea To The Sony Hack

A security company in the U.S. has provided further evidence that last year’s devastating hacking attack on Sony Pictures Entertainment was carried out by a group with ties to North Korea.

Security firm CrowdStrike is among those who believe North Korea was the culprit, and on Tuesday it presented another piece of evidence to support that claim.

CrowdStrike said it found similarities between the malware used against Sony and a piece of destructive code deployed in 2013 by a group it calls Silent Chollima, which has already been linked to several attacks on South Korea and the U.S.

Parts of the code used in each attack are almost identical in their structure and functionality, CrowdStrike CTO Dmitri Alperovitch said during a webcast Tuesday in which he described how the Sony attack was carried out. The malware used in both attacks contains the same typographical error in the same place, spelling “security” as “secruity.”

The group that claimed responsibility for attacking Sony calls itself Guardians of Peace. Silent Chollima often uses different names during different attacks and may have done the same with Sony.


1 comment

lsd_delirious February 20, 2015 - 6:45 pm
It may even be North Korea, but just concluding that on similarities in code and typos is just naive. Even my code could look like the one from Silent Chollima, and the typo could be something made on purpose by some third party, to attract attention to NK, cuz a group as big and powerful as Silent Chollima or The Guardians of Peace, with guts to hack one of the biggest companies, and for them to make mistakes such as those, sounds kinda sketchy. Just sayin... (I'm not pro north... or something)
