Andre Yoskowitz
13 Feb 2016 18:15
According to Juan Andrés Guerrero-Saade, senior security researcher with Kaspersky Lab's Global Research and Analysis Team, and Jaime Blasco of the Lab Intelligence and Research team at AlienVault Labs, the hackers behind the massive and devastating Sony Pictures attack in 2014 are still active and could be behind some other low-profile attacks.
"[T]hey didn't disappear...not at all," Guerrero-Saade said bluntly this week. In fact, the attackers appear to be behind attacks on Samsung and on a nuclear power plant operator in South Korea, and the "digital crumbs" include some re-used passwords, code, and some other small lists.
The investigators began by looking at samples of the 'Destover' malware that wrecked critical data on the hacked Sony computers and then used proprietary methods to find similarities in other attacks.
Wired has an excellent run-through of the researchers' methods, and a critical update for anyone interested in the Sony Pictures hack.