2014’s cyber attack against Sony made headlines around the world and caused considerable damage to the company in both reputation and financial accounts; it’s reputed to have cost Sony in excess of $30 million to deal with the immediate aftermath of the attack as well as the long-term increase in security measures and system upgrades. Back then, the suspected hackers were traced back to North Korea, which was rather displeased with a Sony film release which showed the country’s leader Kim Jong-un in a somewhat unflattering light. Now, over a year after this particular cyber attack, it would seem that the hackers behind it are alive and well – and have been targeting South Korean systems and organisations during the last few months.
This activity has allowed research experts to track the perpetrators using an array of tracking codes and digital identification methods. Presenting their findings at the Kaspersky Security Analyst Summit in Spain earlier this month, researchers were able to present a compelling case based on a complex mapping exercise of hack activities across the globe. Patterns and trends were demonstrated to be nearly identical across a variety of cyber attacks throughout the past year, especially in the use of so-called ‘droppers’. The identification of these trigger points – the moments at which malware or other malicious devices are installed within a system – served as a key tracking tool, as all used the same unique password. The malware also used a custom list of ‘sandboxes’, a virtual mechanism used to destroy malware; the hackers maintained a list of these sandboxes, and analysts were able to track the evolving list as well as link the common components across different attacks.
The researchers are naturally cautious about revealing too much information about their methods which might compromise their ability to continue to track these and future hackers successfully. However, for a more in-depth read of their exciting sleuthing work, have a look at the article on WIRED.com.