(Bloomberg) -- North Korea may have had a hand in a digital attack against Sony Pictures that used destructive malware to disable systems and destroy data, according to two people with the knowledge of the investigation.
Some of the malware contained Korean language code, and other aspects of the breach bear important similarities to attacks that wiped out the computers of South Korean banks and broadcasters in March 2013, said the people, who weren’t authorized to speak publicly and asked not to be identified.
The FBI sent a flash alert to U.S. companies about the malware yesterday, mentioning the use of Korean language, while not linking it directly to the Nov. 25 attack on Sony Corp.’s Culver City, California-based entertainment unit. One of the people confirmed the alert refers to malware in the Sony case.
“We consider that the theories regarding the attribution to North Korea are credible,” said John Hultquist, senior cyber espionage practice lead at iSight Partners, a Dallas-based cybersecurity company.
ISight isn’t involved in the Sony investigation. It has analyzed other destructive attacks linked to North Korean hackers, Hultquist said.
The malware, designed by unknown operators, has the ability to overwrite data files, including what’s called the master boot record, making computers unusable, the FBI said in its five-page alert to companies.
The use of destructive malware has been a hallmark of North Korean attacks, including devastating attacks last year against some of South Korea’s largest banks and at least two major television broadcasters.
The attack on Sony crippled its computer systems, forcing some employees to communicate by text message.
The attackers also were able to obtain copies of recent and imminent motion-picture releases that were then posted on the Internet for download.
The breach occurred a month before the scheduled release of “The Interview,” a comedy about a CIA plot to kill North Korea’s leader, Kim Jong-Un.
The Seth Rogen film, currently advertised for release on Dec. 25, features Rogen and James Franco as TV producers who are recruited by the Central Intelligence Agency to assassinate Kim. Plans for the film drew a rebuke from the country, with a foreign ministry spokesman saying in state media that the release would be an “act of war,” according to the BBC.
“In furtherance of public-private partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations,” Joshua Campbell, a bureau spokesman, said in an e-mail. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
Copyright 2017 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.