“This correlates with information about that many of us in the security industry have been tracking,” said one of the people who reviewed the document. “It looks exactly like information from the Sony attack.”
FBI spokesman Joshua Campbell declined comment when asked if the software had been used against the California-based unit of Sony Corp, although he confirmed that the agency had issued the confidential “flash” warning, which Reuters independently obtained.
“The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations,” he said. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
The FBI typically does not identify victims of attacks in those reports.
Hackers used malware similar to that described in the FBI report to launch attacks on businesses in highly destructive attacks in South Korea and the Middle East, including one against oil producer Saudi Aramco that knocked out some 30,000 computers.
Those attacks are widely believed to have been launched by hackers working on behalf of the governments of North Korea and Iran.
Security experts said that repairing the computers requires technicians to manually either replace the hard drives on each computer, or re-image them, a time-consuming and expensive process.
Monday’s FBI report said the attackers were “unknown.” Yet the technology news site Re/code reported that Sony was investigating to determine whether hackers working on behalf of North Korea were responsible for the attack as retribution for the company’s backing of the film “The Interview.” The movie, which is due to be released in the United States and Canada on Dec. 25, is a comedy about two journalists recruited by the CIA to assassinate North Korean leader Kim Jong Un.
The Pyongyang government denounced the film as “undisguised sponsoring of terrorism, as well as an act of war” in a letter to U.N. Secretary-General Ban Ki-moon in June. The technical section of the FBI report said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.