The hackers (or solitary hacker) who attacked Sony Pictures’ computers last week has used malicious software to gain access to the company’s system, to perform the first destructive cyber attack in the United States, the FBI has warned businesses in the US. Similar attacks have been launched before in Asia and the Middle East, but never before on American soil, the Washington Post reports.
The FBI warning – a five-page document issued by the Bureau to businesses across the US – provided some technical details about the malware used for the attack along with advice on how to deal with it. It asked businesses to contact the FBI if they detect similar malware on their computers. According to the report, the software overrides all data on the infected computer’s hard drives, including the master boot record, making it impossible for the computers to boot up. Besides rendering the computers unusable, the malware also overwrites data files, making them impossible to recover by using traditional forensic methods. This can lead to extended loss of information and data. The warning was sent out by the Bureau to security personnel at several US companies, with the request not to be shared.
The FBI is investigating the matter with the help of the Department of Homeland Security, while Sony Pictures has hired Mandiant, an incident-response team at FireEye to clean their computer systems after the attack. Although there was no mention of Sony Pictures in the confidential FBI warning, cybersecurity experts agree that it clearly refers to the November 24 attack. According to reports, hackers have used malware similar to the one described in the FBI’s current warning in a series of attacks in South Korea and the Middle East before. An attack against Aramco, a Saudi oil producer, is one of them – the attack knocked out tens of thousands of its computers.
Sony has not identified the source of the attack yet, but thinks that it might be tied to North Korea, as retaliation for the recent movie “The Interview”.