The malware that took down Sony was written in Korean

New evidence has emerged linking North Korea to the recent attacks on Sony, thanks to research conducted by the firm AlienVault. Using samples of the code released by the FBI, AlienVault's labs director Jaime Blasco was able to track down a copy of the malware that had fallen into one of the company's malware honeypots and analyze the software for clues. According to the program's compiler metadata, the programs and resources that compose the malware were compiled between November 22nd and 24th — just days before the attack hit Sony — and the computer that did the compiling was set up to display its text in Korean characters.

At the same time, North Korea is already denying its involvement in the attack, today issuing its strongest statement yet. "My country publicly declared that it would follow international norms banning hacking and piracy," a North Korean diplomat told Reuters. Many believe the attack was retaliation for Sony's upcoming film The Interview, which depicts a comedic assassination attempt on North Korean leader Kim Jong-un, although the studio has denied reports that it is planning to accuse the country of the attacks.

Still, AlienVault's analysis provides the most definitive evidence so far connecting North Korea to the attack, particularly given how specifically the program targets Sony. The malware Blasco analyzed used a simple login and password to gain access to Sony's system, suggesting the attackers had already gained access to company data elsewhere. Once they had that access, this program was used to wipe the company's hard drives, take down the email system, and display the now-notorious skeleton graphic. Even if some of the code was reused from preexisting malware, the new analysis from AlienVault suggests the program was customized and deployed by Korean speakers, strongly implicating North Korea's state hackers in the attack.