Ars Technica reports: According to multiple reports, unnamed government officials have said that the cyber attack on Sony Pictures was linked to the North Korean government. The Wall Street Journal reports that investigators suspect the attack was carried out by Unit 121 of North Korea’s General Bureau of Reconnaissance, the country’s most elite hacking unit.
But if the elite cyber-warriors of the Democratic People’s Republic of Korea were behind the malware that erased data from hard drives at Sony Pictures Entertainment, they must have been in a real hurry to ship it.
Analysis by researchers at Cisco of a malware sample matching the MD5 hash signature of the “Destover” malware that was used in the attack on Sony Pictures revealed that the code was full of bugs and anything but sophisticated. It was the software equivalent of a crude pipe bomb.
Compared to other state-sponsored malware that researchers have analyzed, “It’s a night and day difference in quality,” said Craig Williams, senior technical leader for Cisco’s Talos Security Intelligence and Research Group, in an interview with Ars. “The code is simplistic, not very complex, and not very obfuscated.” [Continue reading…]