Security Experts Reveal Attack Mechanism Behind Lazarus Group's Sony Pictures Breach
The 2014 Sony Pictures hack brought the Lazarus group into global focus. When Sony Pictures released "The Interview" trailer on YouTube, triggering strong reactions from North Korea, Lazarus infiltrated the company within 10 days, leaking unreleased films, executive emails, and employee personal data, and forcing Sony to cancel the movie's release. Security experts discovered the BKDR_WIPALL malware displaying destructive images on employee screens while it deleted files and disabled Microsoft Exchange services.

Damballa researchers Willis McDonald and Loucif Kharouni analyzed the Destover wiper malware, which contains advanced anti-forensic capabilities. While initially used for data destruction in the Sony attack, Kaspersky Lab later identified Destover variants signed with stolen Sony digital certificates. These evolved versions employed evasion techniques such as timestomping via setMFT (copying timestamps from other files on disk) and afset (erasing Windows logs and file attributes), indicating a sophisticated state-sponsored operation.

"Gaining a foothold in victim networks remains the primary objective. Historical breaches show attackers typically maintain months-long dwell time before major exposure."

Post-Sony, Lazarus evolved into a global threat actor, conducting the Bangladesh Central Bank heist, the WannaCry ransomware campaign, cryptocurrency exchange attacks, and the KNPP nuclear facility intrusion. Security communities now recognize that Lazarus' capabilities far exceed those of typical APT groups.