The attackers have been named the “Lazarus Group” by the cybersecurity collective, which includes Novetta and Symantec Corp. By analyzing the malware used in the Sony hack, researchers have been able to trace the group’s activities using similar code around the world. The Lazarus Group was also behind a large attack on South Korean TV stations in 2013, as well as ongoing attacks on government, financial and media institutions in the U.S. and Asia. The researchers say they detected activity by the cybercrime group as recently as last week.
The U.S. has blamed the Sony Pictures hack on North Korea. The cybersecurity firms didn’t say outright that the country was responsible, but they did note that many of the Lazarus Group’s attacks center on South Korea and that their typical hours of operation match working hours in North Korea’s time zone.
“We believe the U.S. government assertion that [the Sony attack] was the work of a nation-state is far more likely than this being the work of a hacktivist group or a vindictive former employee,” Novetta CEO Peter LaMontagne said.
More Must-Read Stories From TIME
- The Fight to Save the Salmon
- Inside the World of Black Bitcoin, Where Crypto Is About Making More Than Just Money
- The 'Great Resignation' Is Finally Getting Companies to Take Burnout Seriously. Is It Enough?
- Suddenly, Everyone on TV Is Very Rich or Very Poor. What Happened?
- Colin Powell Reflects on His Mistakes in Unpublished TIME Interview
- Business Travel's Demise Could Have Far-Reaching Consequences
- If the U.S. Spends Big on Climate, the Rest of the World Might Follow