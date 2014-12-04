BOSTON Dec 4 Cybersecurity researchers have
uncovered what they say is technical evidence linking the
massive breach at Sony Corp's Hollywood studio with
attacks in South Korea and the Middle East.
Moscow-based security software maker Kaspersky Lab said on
Thursday it uncovered evidence that all three campaigns might
have been launched by the same group, or facilitated by a single
organization skilled in working with destructive malware.
In 2012, cyber attackers damaged tens of thousands of
computers at Saudi Arabia's national oil company and Qatar's
RasGas with a virus known as Shamoon, one of the most
destructive campaigns to date. Some U.S. officials blamed Iran.
Last year, more than 30,000 PCs at South Korean banks and
broadcasting companies were hit by a similar attack that
cybersecurity researchers widely believe was launched from North
Korea.
Kaspersky researcher Kurt Baumgartner told Reuters there are
"unusually striking similarities" related to the malicious
software and techniques in the two campaigns and the Nov. 24
Sony attack in which a malware dubbed "Destover" was used.
He described the similarities in depth in a technical blog
published on Thursday on Kaspersky's website.
"It could be a single actor or it could be that there are
trainers or individuals who float across groups," Baumgartner
said in an interview.
He said the evidence suggests hackers from North Korea are
behind the attack on Sony, although it is unclear whether they
work directly for the government.
Not all cybersecurity researchers agree with Kaspersky's
interpretation of the technical evidence.
California-based Symantec Corp said in a blog
posting on Thursday it also sees similarities between the
attacks against Sony and the Shamoon campaign, but attributed it
to a copycat.
"There is no evidence to suggest that the same group is
behind both attacks," Symantec said on its blog.
The diverging views highlight the difficulties that law
enforcement faces in determining the identity of the hackers
responsible for the Sony breach.
Hackers often conduct attacks by digitally hopping through
multiple computer severs around the globe to mask their real
Internet address, or use "false flag" techniques to make it look
as though the attack is the work of another nation or group.
(Reporting by Jim Finkle in Boston. Additional reporting by
Warren Stroebel in Washington; Editing by Mary Milliken and
Andre Grenon)