BlockBuster Operation: dismantling Lazarus Group Tools
A joint investigation by several cybersecurity companies, including Novetta, Kaspersky Lab and AlienVault, named Operation Blockbuster, reveals that different attacks are related to the organization known as Lazarus Group or Guardians of Peace.
The study showed that the Destover malware (used in the Sony attack) was present in some form in other attacks, along with reused code fragments that revealed the group's "modus operandi". Other indicators, such as repeated passwords, the techniques used to evade antivirus detection and the way the group erased its traces, recurred across its operations.
In this way, Operation Blockbuster was able to attribute to Lazarus Group attacks against multiple financial entities, media outlets and critical infrastructures in numerous countries between 2009 and 2015.
- 24/11/2014 certsi.es Sony Pictures hacked
- 05/02/2016 certsi.es The Central Bank of Bangladesh suffers the theft of 100 million dollars
- 25/02/2016 globbsecurity.com Operation Blockbuster: on the trail of those responsible for the Sony attack
- 24/02/2016 securelist.com Operation Blockbuster revealed
- 24/02/2016 operationblockbuster.com Operation Blockbuster