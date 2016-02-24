| SAN FRANCISCO
SAN FRANCISCO Feb 24 The perpetrators of the
2014 cyber attack on Sony Pictures Entertainment were not
activists or disgruntled employees, and likely had attacked
other targets in China, India, Japan and Taiwan, according to a
coalition of security companies that jointly investigated the
Sony case for more than a year.
The coalition, organized by security analytics company
Novetta, concluded in a report released on Wednesday that the
hackers were government-backed but it stopped short of endorsing
the official U.S. view that North Korea was to blame.
The Obama administration has tied the attack on Sony Corp's
film studio to its release of "The Interview," a comedy
that depicted the fictional assassination of North Korean leader
Kim Jong Un.
Novetta said the breach "was not the work of insiders or
hacktivists."
"This is very much supportive of the theory that this is
nation-state," Novetta Chief Executive Peter LaMontagne told
Reuters. "This group was more active, going farther back, and
had greater capabilities and reach than we thought."
Novetta worked with the largest U.S. security software
vendor Symantec Corp, top Russian security firm
Kaspersky Lab and at least 10 other institutions on the
investigation, a rare collaboration involving so many companies.
They determined that the unidentified hackers had been at
work since at least 2009, five years before the Sony breach. The
hackers were able to achieve many of their goals despite modest
skills because of the inherent difficulty in establishing an
inclusive cyber security defense, the Novetta group said.
LaMontagne said the report was the first to tie the Sony
hack to breaches at South Korean facilities including a power
plant. The FBI and others had previously said the Sony attackers
reused code that had been used in destructive attacks on South
Korean targets in 2013.
The Novetta group said the hackers were likely also
responsible for denial-of-service attacks that disrupted U.S.
and South Korean websites on July 24, 2009. The group said it
found overlaps in code, tactics and infrastructure between the
attacks.
Symantec researcher Val Saengphaibul said his company
connected the hackers to attacks late last year, suggesting the
exposure of the Sony breach and the threat of retaliation by the
United States had not silenced the gang.
The coalition of security companies distributed technical
indicators to help others determine if they had been targeted by
the same hackers, which Novetta dubbed the Lazarus Group.
(Reporting by Joseph Menn; Editing by Tiffany Wu)