The Sony hackers are still on the loose. Who are they?

After a year of analysis, cybersecurity experts believe the group behind the Sony hack in 2014 has been attacking networks for nearly a decade, at least, and continues to target government and commercial institutions globally.


A consortium of cybersecurity firms said Wednesday that the group that publicly exposed the inner workings of Sony in a sensational cyberattack in 2014 has been wreaking havoc for nearly a decade and is still alive and strong today, targeting networks around the world.

Though it claimed to be a hacktivist group called "Guardians of Peace" after it publicly released company e-mails and a trove of other damaging information about Sony, cybersecurity experts have concluded that its history of attacks indicates that the hacker group is actually a sophisticated, well-financed, and determined foe.

They have linked the group with attacks on government, media, military, aerospace, financial, and critical infrastructure in the United States, Taiwan, China, Japan, and India. South Korea appears to be a favorite target. 

Cybersecurity experts could not directly connect the hackers to the North Korean government, as the FBI did in its investigation of the Sony attack. But evidence suggests a government is likely behind these attacks, rather than a hacktivist group or a vindictive former employee, as has been suggested in the Sony case, says analytics firm Novetta.

The McLean, Va.-based firm, along with 13 industry partners that included Kaspersky Lab, Symantec, and AlienVault, spent a year piecing together seemingly unrelated attacks by analyzing the malware, or destructive software, used in each one.

They identified duplicate strings of code, passwords, and misspellings, which helped the security experts link 45 families of malware to the group, according to a report released Wednesday called “Operation Blockbuster.”

"There's very hard evidence to suggest that a lot of the development is all originating from the same authors and codebases," Andre Ludwig, a senior technical director at Novetta, told The Washington Post. "These aren't pieces of malware that are being shared on underground forums – these are very well guarded codebases that haven't leaked out or been thrown around publicly," he said.

The cybersecurity experts have dubbed the hackers “Lazarus Group,” after the biblical figure that comes back from the dead, because it seems to create new identities – "NewRomanic Cyber Army Team," the "WhoIs Team," and "IsOne" – and new tools for each attack.

Lazarus could even be a coordinated network of hacker groups, says Novetta, together responsible for stealing data, carrying out cyber espionage, and other attacks that have crippled financial systems, in at least one case preventing the customers of a South Korean bank from accessing money through ATMs for a brief period.

“It’s impressive the scope of what these guys have done and what they continue to do.… And the scary part is, they have no qualms about being destructive,” Ludwig told Wired.

The coalition of firms led by Novetta is working to distribute information to governments and corporations describing how to protect their cyber assets from attacks, as it continues to monitor the hackers' activities.
