Daily Management Review

Report says that Sony Pictures Hackers Linked to Breaches in China, India, Japan


Report says that Sony Pictures Hackers Linked to Breaches in China, India, Japan
A coalition of security companies that jointly investigated the Sony case for more than a year have concluded after the investigations that the perpetrators of the 2014 cyber attack on Sony Pictures Entertainment were not activists or disgruntled employees, and likely had attacked other targets in China, India, Japan and Taiwan.
While stopping short of endorsing the official U.S. view that North Korea was to blame, the coalition, organized by security analytics company Novetta, concluded in a report released on Wednesday that the hackers were government-backed.
At about the same time that the attack happened at Sony Corp's film studio, it was about to release a comedy film titled "The Interview" that depicted the fictional assassination of North Korean leader Kim Jong Un. The attack has been tied to the releaseof the film by the Obama administration.
The breach "was not the work of insiders or hacktivists", Novetta said.
"This is very much supportive of the theory that this is nation-state. This group was more active, going farther back, and had greater capabilities and reach than we thought," Novetta Chief Executive Peter LaMontagne told the media.
In an investigation that saw a rare collaboration of  many companies, the investigating firms and companies included Novetta and the largest U.S. security software vendor Symantec Corp, the top Russian security firm Kaspersky Lab and at least 10 other institutions.
Five years before the Sony breach, determined the investigations, the unidentified hackers had been at work since at least 2009. Due to the inherent difficulty in establishing an inclusive cyber security defense and therefore despite their modest skills the hackers were able to achieve many of their goals, the Novetta group said.
This was the first time that investigators were able to tie the Sony hack to breaches at South Korean facilities including a power plant, LaMontagne said after releasing the report. The Sony attackers reused code that had been used in destructive attacks on South Korean targets in 2013, the FBI and others had previously said.
The hackers were likely also responsible for denial-of-service attacks that disrupted U.S. and South Korean websites on July 24, 2009, the Novetta group said. Overlaps in code, tactics and infrastructure between the attacks were found in the invesitgaitons, the group said.
Suggesting the exposure of the Sony breach and the threat of retaliation by the United States had not silenced the gang, Symantec researcher Val Saengphaibul said his company connected the hackers to attacks late last year.
Technical indicators were distributed by the coalition of security companies that is intended to help others determine if they had been targeted by the same hackers. This has been dubbed the Lazarus Group by Novetta.