Report: Russian Hacker Broke Into Sony & Is Still There

Published: 22/11/2024   Category: security




But can we trust the words of black hat hackers whose motives for candor are unclear? Either way, the report supports the credible theory that multiple attackers hit Sony.



Sony Pictures Entertainment might have been compromised this fall by Russian attackers, who are still lurking within Sony's network now. These Russian criminals were probably not working with the North Korean government. The bad news: the intel about the existence of these Russian cybercriminals may not be reliable, in the opinion of a recently retired US Naval intelligence officer.
A report released by Taia Global reveals some new information about threats to Sony. While it doesn't provide a wealth of damning evidence pointing to any particular perpetrator, it does serve as a reminder of why attribution continues to be such a persistent problem in fighting cybercrime. Just because your organization was compromised in several ways at the same time doesn't necessarily mean the attacks were related. Just because two malicious parties have compromised you at the same time doesn't mean they're working together.
"The reason why it's so confusing [in the Sony case] ... is because the evidence is so conflicting," says Taia Global founder and CEO Jeffrey Carr.
In the report, Carr describes what he learned through conversations with a black hat hacker who goes by the name Yama Tough. Carr explains that he and Yama Tough have established a trusting relationship: they've known each other a long time, and Carr knows Yama Tough's true identity.
Carr says he asked Yama Tough directly whether he was personally involved in the attack. Tough said he was not, and Carr believes him. However, at Carr's request, Tough used his own contacts to find some information about the people behind the Sony attacks. Tough then related to Carr what he'd been told by an unnamed Russian hacker (referred to as URH in the report), whom Tough described as a long-time black hat hacker who does occasional contract work for Russia's Federal Security Service. From the report:
URH told Yama Tough that he sent spear phishing emails to Sony employees in Asia and Russia and then used an advanced pivoting technique to move inside the SPE network... The email sent by URH and his 12 team members contained a .pdf attachment, which was loaded with a Remote Access Trojan (RAT) that isn’t in any AV signature database.
To back up his words, URH shared Sony documents that were not found in the big data dumps that other attackers had published on Pastebin. Among those documents were Sony emails dated as recently as Jan. 23.
The participation of Russian-speaking cyber actors fits with earlier research conducted by Carr and Taia Global. They performed a linguistic analysis of all the messages (about 2,000 words in all) written by the Guardians of Peace -- the hacking group that took responsibility for at least some of the attacks on Sony and exposed all manner of sensitive Sony documents. According to that research, the analysis indicated that the authors were native Russian speakers.
This leads Carr to the conclusion that either a group of Russian hackers and a group of North Korean attackers were running separate, simultaneous attacks against Sony, or North Korea was never involved at all and the attacker was simply another group that included at least one Russian individual. He does not think that a party of Russians and a party of North Koreans were working collectively.
"They said they had nothing to do with North Korea," says Carr of the unnamed Russian hacker. He further remarks that he can't see why North Korea would hire a group of Russian hackers to do its dirty work: the country already has its own state-sponsored cyber army, and it had already damaged any attempt at plausible deniability when it made threats against Sony months before the attacks. "What I think is that there were multiple parties in there [in Sony]."
The next question then is, which party did what?
Carr doesn't think that URH was necessarily involved in the wiper attack that turned so much Sony hardware into bricks. The only malware URH discussed was a remote access tool, not a wiper. Then again, Guardians of Peace (GOP) took responsibility for the wiper -- their name was pasted on every locked computer screen -- so if the linguistic analysis of the GOP's messages is accurate, then the wiper was also used by Russian-speaking attackers, possibly, but not necessarily, including the individual URH referenced in Carr's report.
Carr says that one of the troubles with cybercrime attribution may be that the security industry has become too reliant on analyzing only signal data and machine communications, while forgetting the value of analyzing human communications.
On that point, retired U.S. Naval intelligence officer Tom Chapman, now director of the Cyber Operations Group at EdgeWave, agrees. Yet Chapman is still skeptical about Carr's report, saying that there's nowhere near enough information in it to draw confident conclusions.
"It's possible, but it's weak," says Chapman. "Human sources are always the least credible."
Chapman is particularly suspicious about the motivations of Yama Tough and his source. Yama Tough is not taking credit for the attack himself, so he doesn't get hacker bragging rights. He could also be hurting his reputation in the black hat community, since he's sharing details given to him by another black hat. As for Tough's source, Chapman acknowledges that criminal hackers may trumpet their exploits more than other kinds of criminals, but says that professional, financially motivated hackers stay quiet (especially if they're going after Russian targets).
"When the [Sony] attack came out," says Chapman, "I was skeptical it was North Korea alone. I'm still a bit skeptical."
He says he believes the FBI's official word that the North Korean government was behind the attacks, but that the FBI hasn't publicly released enough supporting data for him to draw that conclusion himself.
Chapman says he puts more credence in some official statements than others, depending on whose mouth the words are coming out of. For example, when FBI Director James Comey said, "I have very high confidence in this attribution, as does the entire intelligence community," Chapman believed it, because military and intelligence officials cannot, by law, lie to the American public.
