Kaspersky exposes Sony-crippling malware details

Kaspersky bod Kurt Baumgartner has released more details on the Sony-plundering malware and links it to attacks on Saudi Aramco and South Korea. Research conducted in the wake of the epic Sony breach last month had connected those behind the attack known as the Guardians of Peace (GOP) with the 2012 hacking of Saudi Aramco by …

  1. Mikel

    Forensic challenge

    The big difficulty here is finding out which group that totally compromised Sony made the most nuisance of themselves. It's quite a cast.

  2. Mark 85

    What do these three have in common?

    Sony Pictures in California. Saudi Aramco. South Korea. ???

    Ok, Sony and South Korea possibly targets of the Norks. The Saudis? I don't see it except maybe as a red herring... a test.

    There's been one a year... will have to wait until 2015 for the next?

    Mikel is right.. this is going to be a challenge.

    1. Robert Helpmann??
      Childcatcher

      Re: What do these three have in common?

      "Ok, Sony and South Korea possibly targets of the Norks. The Saudis? I don't see it except maybe as a red herring... a test."

      Don't discount the idea that North Korea might have allies or trading partners. Inasmuch as countries such as the US and Israel purportedly worked together for a joint black hat venture, why wouldn't the Norks be willing to do the same? There are other countries that are willing to work with them, after all. Perhaps the malware was developed for use against "enemies of the state," but sold to a third party for whatever reason (diplomatic, economic, sheer bloody-mindedness).

    2. Trevor_Pott Gold badge

      Re: What do these three have in common?

      Iran is a friend of NK. Iran was having a dispute with SA. This all seems to tie to NK to me...

      1. Bloakey1

        Re: What do these three have in common?

        "Sony Pictures in California. Saudi Aramco. South Korea. ???"

        I am thinking it might be a North Korean operation that has been out-sourced to Iran. Iran is a very sophisticated country and nothing like the way the US would have us believe.

        Funny days, Qasem Suleimani leading the Iraqi fight against ISIS, the US working with Iran and the Syrian government bombing ISIS and supporting the boots on the ground (US, UK, French, Al Quds, Kurds, various Western mercenaries both male and female [some Israelis as well {not necessarily your usual Kidon}]).

        And then the Reg has the audacity to miss the death over the weekend of Ralph Baer, builder of the Magnavox Odyssey, one of the first video games. Even my French newspaper eulogised him this morning.

  3. DrXym

    Typical hacker modus

    Shoot a barn door, paint a ring around the hole, claim you hit the bullseye. So it goes with the post hoc justifications that follow some hack.

  4. Florida1920
    Big Brother

    Be careful what you ask for

    Back in 2002, George W. Bush placed North Korea, Iran and Iraq in the "Axis of Evil." Iraq has spawned the Islamic State gang, and North Korea and Iran soldier on. Maybe they took Dub at his word and formed an alliance. Koreans have a long-standing grudge with Japan, and Sony did itself no favors by making a movie -- a comedy! -- about assassinating Kim Jong Un. Iran and Saudi Arabia have their issues as well. While I might expect Iran to go for Israel or the U.S. in retaliation for Stuxnet, maybe Saudi Arabia was easier.

    Neither Iran nor North Korea is any match for Western military firepower. Pardon me for using this phrase, but maybe instead of working harder -- a losing proposition -- they're working smarter. Abbie Hoffman once wrote, "Guns alone will never change this System. You don't use a gun on an IBM computer. You pull the plug out." We've come a long way since then, but our own dear leaders are still fighting the last war.

    1. Bloakey1

      Re: Be careful what you ask for

      <snip>

      "Iraq has spawned the Islamic State gang,"

      <snip>

      Not at all, ISIS is a creation of US policy and subsequent actions near and far. You funded jihad way back and created a cadre of experienced jihadis that were able to take on the Russians in Afghanistan, Chechnya et al. You showed them what they could do if well armed, you funded them, you persuaded others such as Saudi Arabia to fund them.

      The US has a juvenile, short term world view in my opinion.

      1. Mark 85

        Re: Be careful what you ask for

        @Bloakey1

        "The US has a juvenile, short term world view in my opinion."

        Yep... in everything we do. Profits, Stock Market. Wars against '$x'. If it's not instant gratification, it's not worth waiting for. Or remembering. Then again history isn't taught in schools and thus, we must constantly re-live it. Maybe not all people, but at least those in charge and those who elected them.

  5. Kanhef

    "Tight deadline"?

    More likely they deployed as soon as their software was ready.

    1. Wzrd1 Silver badge

      Re: "Tight deadline"?

      It shouldn't take that long to compile PE.

      It's more likely that they deployed once infiltration, lateral spread and enumeration were complete.

      What's astonishing is that exfil was in the hundreds of GB and no alarms were generated/noticed.

      At this point, I wonder if the total loss was in the TB.

  6. MrRoland

    short position?

    Did anyone have a big short position on Sony? If you did you just made a killing!
