State-sponsored or not, Sony Pictures malware “bomb” used slapdash code

According to multiple reports, unnamed government officials have said that the cyber-attack on Sony Pictures was linked to the North Korean government. The Wall Street Journal reports that investigators suspect the attack was carried out by Unit 121 of North Korea’s General Bureau of Reconnaissance, the country’s most elite hacking unit.

But if the elite cyber-warriors of the Democratic People’s Republic of Korea were behind the malware that erased data from hard drives at Sony Pictures Entertainment, they must have been in a real hurry to ship it.

Researchers at Cisco analyzed a malware sample matching the MD5 hash signature of the “Destover” malware that was used in the attack on Sony Pictures, and their analysis revealed that the code was full of bugs and anything but sophisticated. It was the software equivalent of a crude pipe bomb.
