The Federal Bureau of Investigation (FBI) has warned US businesses that hackers used malicious software to launch a destructive cyber-attack, following a devastating breach last week at Sony Pictures Entertainment.
Cyber-security experts said the malicious software described in the alert appeared to describe the one that affected Sony, which would mark the first major destructive cyber attack waged against a company on US soil.
Such attacks have been launched in Asia and the Middle East, but none have been reported in the US. The FBI report did not say how many companies had been victims of destructive attacks.
“I believe the coordinated cyber-attack with destructive payloads against a corporation in the US represents a watershed event,” said Tom Kellermann, chief cyber-security officer with security software maker Trend Micro Inc. “Geopolitics now serve as harbingers for destructive cyber-attacks.”
The five-page, confidential “flash” FBI warning issued to businesses late on Monday provided some technical details about the malicious software used in the attack. It provided advice on how to respond to the malware and asked businesses to contact the FBI if they identified similar malware.
“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the report said.
The document was sent to security staff at some US companies in an email that asked them not to share the information.
The FBI released the document in the wake of last Monday’s unprecedented attack on Sony Pictures Entertainment, which brought corporate email down for a week and crippled other systems as the company prepares to release several highly anticipated films during the crucial holiday film season.
The FBI said it is investigating the attack with help from the Department of Homeland Security. Sony has hired FireEye Inc’s Mandiant incident response team to help clean up after the attack, a move that experts say indicates the severity of the breach.
While the FBI report did not name the victim of the destructive attack in its bulletin, two cyber-security experts who reviewed the document said it was clearly referring to the breach at the California-based unit of Sony Corp.
Hackers used malware similar to that described in the FBI report to launch attacks on businesses in highly destructive attacks in South Korea and the Middle East, including one against oil producer Saudi Aramco that knocked out some 30,000 computers.
Those attacks are widely believed to have been launched by hackers working on behalf of the governments of North Korea and Iran.
Security experts said repairing the computers requires technicians to manually either replace the hard drives on each computer, or re-image them, a time-consuming and expensive process.
The technology news site Re/code reported that Sony was investigating to determine whether hackers working on behalf of North Korea were responsible for the attack as retribution for the company’s backing of the film “The Interview.”
The movie, which is due to be released in the US and Canada on December 25th, is a comedy about two journalists recruited by the CIA to assassinate North Korean leader Kim Jong Un. The Pyongyang government denounced the film as “undisguised sponsoring of terrorism, as well as an act of war” in a letter to UN Secretary-General Ban Ki-moon in June.
The technical section of the FBI report said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.
Reuters
