Sony/Destover: mystery North Korean actor’s destructive and past network activity

From Botnets.fr

Botnet: Destover
Botnet/malware group: Destructive
Target: Sony
Date: 2014 / 2014-12-04
Editor/Conference: Kaspersky Securelist
Link: https://securelist.com/blog/research/67985/destover/
Author: Kurt Baumgartner
Type: Blogpost

Abstract

This week, for the first time, the FBI issued a Flash warning about destructive wiper activity used in the attack on Sony Pictures Entertainment. Samples of this Destover malware contained configuration files created on systems using Korean language packs.

Since the attack, further information about the malware has surfaced in one form or another, but some details, such as those relating to the previous activity of the prime suspects, are still to be examined.

So, while Sony Pictures silently completes its costly clean-up efforts and prepares to release “The Interview”, let’s discuss some of the malware functionality, glaring similarities with other wiper events, and some of the suspect group’s previous activity.

Bibtex

 @misc{Baumgartner2014BFR1646,
   editor = {Kaspersky Securelist},
   author = {Kurt Baumgartner},
   title = {Sony/Destover: mystery North Korean actor’s destructive and past network activity},
   date = {04},
   month = Dec,
   year = {2014},
   howpublished = {\url{https://securelist.com/blog/research/67985/destover/}},
 }