The FBI has concluded that North Korea is to blame for the devastating hacking attack against Sony Pictures. "North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves," the agency said in a statement released today. "Such acts of intimidation fall outside the bounds of acceptable state behavior."
Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
The hack resulted in a leak of emails and other documents from the movie studio, and led to the cancelation of The Interview, the Kim Jong-un assassination flick that apparently triggered the cyberattack. Thursday night, Sony reportedly received a new email from the "Guardians of Peace," the group that's claimed responsibility for the hack. As a result of that message, which contained new threats, Sony took down The Interview's website and its promotional materials on YouTube earlier today.