May 24, 2016

Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group

Rodrigo Lopez

Assessment

The hacker group known as the Lazarus Group, which is allegedly behind the 2014 attack against Sony Pictures Entertainment, has been linked to similar intrusions against a number of companies in South Korea, including the Dark Seoul and Operation Troy attacks. The alliance of security companies behind Operation Blockbuster, including Kaspersky Lab, Novetta, AlienVault, Invincea, ThreatConnect, Volexity, Symantec, and PunchCyber, today published detection signatures and added them to their own products in the hope of disrupting the group's activities. The Lazarus Group's collection of malware, including the destructive wiper known as Destover, shares common characteristics across dozens of attacks. Destover overwrites the master boot record of a compromised machine after the attackers have picked it clean of files, leaving it unable to boot. In the 2014 Sony attack, the intruders leaked confidential emails on the internet, along with intellectual property such as scripts, film ideas and unreleased movies. According to Brian Bartholomew, the group has been active since at least 2010 and remains active. The U.S. government attributed the Sony hack to North Korea, and the Lazarus Group has been connected to that country in its wake.

Relevance

The Lazarus Group is a well-established actor linked to numerous cyber-attacks. The group demonstrates a range of technical skill and expertise and has been active since at least 2009. The Sony attack raised awareness because it was a destructive malware attack against a U.S. company, and it carried much larger implications than the loss of a single company's data.

Significance

As a cybersecurity student/professional, the information presented in this assessment is important, so that I and others are informed of the types of attacks that occur daily. Meanwhile, we live in an increasingly networked world, from personal banking to government infrastructure, and high-profile breaches raise fears about hack attacks and other security failures.