A new report offers more insight on why the U.S. government has taken its resolute stance in attributing the Sony Pictures attack to North Korea.
On Sunday, The New York Times published an article detailing the National Security Agency’s efforts to penetrate North Korea’s cyber fortresses, which eventually proved successful in 2010.
Citing former U.S. and foreign officials, a recently disclosed NSA document and security professionals privy to the operations, the Times said that NSA “drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers, and penetrated directly into the North with the help of South Korea and other American allies.”
By planting malware with its newfound access, the NSA was able to track the efforts of North Korea’s elite hackers, the report said, which served as convincing evidence for U.S. officials of North Korea’s involvement in the Sony Pictures attack.
Not long after the FBI concluded in December that North Korea was behind the cyber attack, President Obama went on to impose additional sanctions against the country in an effort to discourage such attacks in the future on American entities.
The Times report also said that NSA’s access to North Korea’s systems “allowed the agency to see the first ‘spear phishing’ attacks on Sony” in early September, although the attacks “did not look unusual” or incite the government to warn Sony of hackers’ endeavors, at that point in time. Instead, attackers spent more than two months studying their targets, “mapping Sony’s computer systems, identifying critical files and planning how to destroy computers and servers,” the article said.
The report also noted that the Dark Seoul attacks in 2013 – which targeted banks and media organizations in South Korea and have been suspected to be the work of North Koreans – turned the U.S. surveillance focus from North Korea’s nuclear program and leadership to the hacking threat it presented.