On the heels of a major breach at Sony Pictures Entertainment, the FBI warns that data-wiping malware has been used in an attack against a U.S. target.
New details about the Sony hack continue to emerge, most recently that the incident exposed the data of more than 6,800 employees at the company, Brian Krebs revealed Tuesday. Over the past week, news also surfaced that the attacks disrupted Sony's network operations for a time, and resulted in the leak of unreleased films online, including “Annie.”
Now, according to a Monday Reuters report, the FBI published a “five-page, confidential ‘flash’” warning providing technical details on the wiper malware launched in a U.S. attack. The alert did not name Sony as the victim of the attack, but security sources following the breach said it was “clearly referring” to the incident, the outlet said.
Citing the alert, Reuters said that the malware was capable of overwriting data on the master boot record (MBR).
“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the alert warned.
In June 2013, Symantec uncovered a gang of cyberattackers, dubbed Dark Seoul, which used a wiper trojan called Jokra to target South Korean banks and news organizations. At the time, Dark Seoul was said to be a politically motivated hacker group active for four years. In addition to spreading trojans, the group shuttered websites via DDoS attacks and stole sensitive corporate data in a multi-tiered attack, Symantec found. On Tuesday, the firm told SCMagazine.com that it didn't have any new information to share on Dark Seoul's exploits.
In a Tuesday interview with SCMagazine.com, Avivah Litan, vice president and distinguished analyst at research firm Gartner, said that data-wiping code hitting the U.S. demonstrated an ongoing collaboration between North Korean hackers and attackers in Eastern Europe.