Filed Under:Risk Management, Loss Control

North Korea could be behind Sony breach

Sony Pictures Entertainment headquarters in Culver City, Calif. (AP Photo/Nick Ut)
Sony Pictures Entertainment headquarters in Culver City, Calif. (AP Photo/Nick Ut)

(Bloomberg) -- North Korea may have had a hand in a digital attack against Sony Pictures that used destructive malware to disable systems and destroy data, according to two people with the knowledge of the investigation.

Some of the malware contained Korean language code, and other aspects of the breach bear important similarities to attacks that wiped out the computers of South Korean banks and broadcasters in March 2013, said the people, who weren’t authorized to speak publicly and asked not to be identified.

The FBI sent a flash alert to U.S. companies about the malware yesterday, mentioning the use of Korean language, while not linking it directly to the Nov. 25 attack on Sony Corp.’s Culver City, California-based entertainment unit. One of the people confirmed the alert refers to malware in the Sony case.

“We consider that the theories regarding the attribution to North Korea are credible,” said John Hultquist, senior cyber espionage practice lead at iSight Partners, a Dallas-based cybersecurity company.

ISight isn’t involved in the Sony investigation. It has analyzed other destructive attacks linked to North Korean hackers, Hultquist said.

The malware, designed by unknown operators, has the ability to overwrite data files, including what’s called the master boot record, making computers unusable, the FBI said in its five-page alert to companies.

The use of destructive malware has been a hallmark of North Korean attacks, including devastating attacks last year against some of South Korea’s largest banks and at least two major television broadcasters.

Crippling Assault

The attack on Sony crippled its computer systems, forcing some employees to communicate by text message.

The attackers also were able to obtain copies of recent and imminent motion-picture releases that were then posted on the Internet for download.

The breach occurred a month before the scheduled release of “The Interview,” a comedy about a CIA plot to kill North Korea’s leader, Kim Jong-Un.

The Seth Rogen film, currently advertised for release on Dec. 25, features Rogen and James Franco as TV producers who are recruited by the Central Intelligence Agency to assassinate Kim. Plans for the film drew a rebuke from the country, with a foreign ministry spokesman saying in state media that the release would be an “act of war,” according to the BBC.

“In furtherance of public-private partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations,” Joshua Campbell, a bureau spokesman, said in an e-mail. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”

Copyright 2017 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.


Unreleased films stolen in Sony cyber attack

The company faces holiday box office losses after unreleased films were leaked online in a cyber attack.

Featured Video

Most Recent Videos

Video Library ››

Top Story

5 insurance advisor marketing mistakes to avoid

The right marketing tactics can help insurance agents and brokers reach their goals.

Top Story

Fire prevention: 5 potential fire risks in your home

Can you identify fire hazards hiding in your home? Learn about potential fire risks and how to protect your home from flames.

More Resources


eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.