Advertisement
Singapore markets open in 3 hours 19 minutes

  • Straits Times Index

    3,187.66
    +32.97 (+1.05%)
     

  • S&P 500

    5,011.12
    -11.09 (-0.22%)
     

  • Dow

    37,775.38
    +22.07 (+0.06%)
     

  • Nasdaq

    15,601.50
    -81.87 (-0.52%)
     

  • Bitcoin USD

    63,487.77
    +2,297.55 (+3.75%)
     

  • CMC Crypto 200

    1,311.43
    +425.90 (+48.09%)
     

  • FTSE 100

    7,877.05
    +29.06 (+0.37%)
     

  • Gold

    2,394.40
    +6.00 (+0.25%)
     

  • Crude Oil

    82.51
    -0.18 (-0.22%)
     

  • 10-Yr Bond

    4.6470
    +0.0620 (+1.35%)
     

  • Nikkei

    38,079.70
    +117.90 (+0.31%)
     

  • Hang Seng

    16,385.87
    +134.03 (+0.82%)
     

  • FTSE Bursa Malaysia

    1,544.76
    +4.34 (+0.28%)
     

  • Jakarta Composite Index

    7,166.81
    -7,130.84 (-49.87%)
     

  • PSE Index

    6,523.19
    +73.15 (+1.13%)
     

Sony malware may be linked to other damaging attacks - researchers

Reuters
A man looks at Sony Corp's audio headphones at an electronics retail store in Tokyo October 31, 2014. REUTERS/Toru Hanai/Files

By Jim Finkle

BOSTON (Reuters) - Cybersecurity researchers have uncovered what they say is technical evidence linking the massive breach at Sony Corp's Hollywood studio with attacks in South Korea and the Middle East.

Moscow-based security software maker Kaspersky Lab said on Thursday it uncovered evidence that all three campaigns might have been launched by the same group, or facilitated by a single organization skilled in working with destructive malware.

In 2012, cyber attackers damaged tens of thousands of computers at Saudi Arabia's national oil company and Qatar's RasGas with a virus known as Shamoon, one of the most destructive campaigns to date. Some U.S. officials blamed Iran.

ADVERTISEMENT

Last year, more than 30,000 PCs at South Korean banks and broadcasting companies were hit by a similar attack that cybersecurity researchers widely believe was launched from North Korea.

Kaspersky researcher Kurt Baumgartner told Reuters there are "unusually striking similarities" related to the malicious software and techniques in the two campaigns and the Nov. 24 Sony attack in which a malware dubbed "Destover" was used.

He described the similarities in depth in a technical blog published on Thursday on Kaspersky's website.

"It could be a single actor or it could be that there are trainers or individuals who float across groups," Baumgartner said in an interview.

He said the evidence suggests hackers from North Korea are behind the attack on Sony, although it is unclear whether they work directly for the government.

Not all cybersecurity researchers agree with Kaspersky's interpretation of the technical evidence.

California-based Symantec Corp said in a blog posting on Thursday it also sees similarities between the attacks against Sony and the Shamoon campaign, but attributed it to a copycat.

"There is no evidence to suggest that the same group is behind both attacks," Symantec said on its blog.

The diverging views highlight the difficulties that law enforcement faces in determining the identity of the hackers responsible for the Sony breach.

Hackers often conduct attacks by digitally hopping through multiple computer severs around the globe to mask their real Internet address, or use "false flag" techniques to make it look as though the attack is the work of another nation or group.

(Reporting by Jim Finkle in Boston. Additional reporting by Warren Stroebel in Washington; Editing by Mary Milliken and Andre Grenon)