The attackers have been named the “Lazarus Group” by the cybersecurity collective, which includes Novetta and Symantec Corp. By analyzing the malware used in the Sony hack, researchers have been able to trace the group’s activities using similar code around the world. The Lazarus Group was also behind a large attack on South Korean TV stations in 2013, as well as ongoing attacks on government, financial and media institutions in the U.S. and Asia. The researchers say they detected activity by the cybercrime group as recently as last week.
The U.S. has blamed the Sony Pictures hack on North Korea. The cybersecurity firms didn’t say outright that the country was responsible, but they did note that many of the Lazarus Group’s attacks center on South Korea and that their typical hours of operation match working hours in North Korea’s time zone.
“We believe the U.S. government assertion that [the Sony attack] was the work of a nation-state is far more likely than this being the work of a hacktivist group or a vindictive former employee,” Novetta CEO Peter LaMontagne said.