Sony/Destover: mystery North Korean actor’s destructive and past network activity
Sony/Destover: mystery North Korean actor’s destructive and past network activity | |
---|---|
Botnet | Destover |
Malware | |
Botnet/malware group | Destructive |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | Sony |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2014 / 2014-12-04 |
Editor/Conference | Kaspersky Securelist |
Link | https://securelist.com/blog/research/67985/destover/ (Archive copy) |
Author | Kurt Baumgartner |
Type | Blogpost |
Abstract
“This week, for the first time, the FBI issued a Flash warning about a destructive wiper activity, used in the attack on Sony Pictures Entertainment. Samples of this Destover malware contained configuration files created on systems using Korean language packs.
Since the attack, further information about the malware has surfaced in one form or another, but some details, such as those relating to the previous activity of the prime suspects, are still to be examined.
So, while Sony Pictures silently completes its costly clean-up efforts and prepares to release “The Interview”, let’s discuss some of the malware functionality, glaring similarities with other wiper events, and some of the suspect group’s previous activity.”
Bibtex
@misc{2014BFR1646,
  editor = {Kaspersky Securelist},
  author = {Kurt Baumgartner},
  title = {Sony/Destover: mystery North Korean actor’s destructive and past network activity},
  date = {04},
  month = Dec,
  year = {2014},
  howpublished = {\url{https://securelist.com/blog/research/67985/destover/}},
}