Sony/Destover: mystery North Korean actor’s destructive and past network activity

From Botnets.fr

Botnet: Destover
Botnet/malware group: Destructive
Target: Sony
Date: 2014 / 2014-12-04
Editor/Conference: Kaspersky Securelist
Link: https://securelist.com/blog/research/67985/destover/ (Archive copy)
Author: Kurt Baumgartner
Type: Blogpost

Abstract

This week, for the first time, the FBI issued a Flash warning about a destructive wiper activity, used in the attack on Sony Pictures Entertainment. Samples of this Destover malware contained configuration files created on systems using Korean language packs.

Since the attack, further information about the malware has surfaced in one form or another, but some details, such as those relating to the previous activity of the prime suspects, are still to be examined.

So, while Sony Pictures silently completes its costly clean-up efforts and prepares to release “The Interview”, let’s discuss some of the malware functionality, glaring similarities with other wiper events, and some of the suspect group’s previous activity.

Bibtex

 @misc{2014BFR1646,
   editor = {Kaspersky Securelist},
   author = {Kurt Baumgartner},
   title = {Sony/Destover: mystery North Korean actor’s destructive and past network activity},
   date = {04},
   month = Dec,
   year = {2014},
   howpublished = {\url{https://securelist.com/blog/research/67985/destover/}},
 }