Perpetrators of the attacks that devastated the Sony Pictures Entertainment system slowly began to unfold. Is North Korea really become perpetrators of this hacking?
Last week, for the first time, the FBI issued a warning about the damage the wiper activities used in the attack on Sony Pictures.
The malware samples Destover contains configuration files are created in the system by using the Korean language. Evidence also shows that hackers from North Korea was behind the attacks against Sony.
Chief Security Researcher at Kaspersky Lab Kurt Baumgartner has published a blog post that describes the similarity between Destover wiper – used in the attack Sony – by Shamoon wipers are used to attack the Saudi Aramco in Saudi Arabia and the company RasGas in Qatar in 2012 and attacks DarkSeoul against several banks and media companies in Seoul, South Korea in 2013.
The similarity of the three wiper is of course not directly prove that the mastermind behind Shamoon same as the mastermind behind DarkSeoul or Destover.
But it should be noted that the events of the reactionary and operational characteristics and the toolset of the group had signs of resemblance to one another.
“The remarkable malware attacks since an attack is considered unusual and focus as well as having scale cyber enormous damage done by kemiripian which can be clearly identified,” he concluded.