Sony Pictures suffered one of the largest cyber attacks in history: attackers stole no less than 100 terabytes of sensitive data, including employees’ personal details and current and future business-related information, and crippled the company’s internal network in the process. Even though the corporation was hit in late November, the attack was apparently planned for months, and Bloomberg has learned more details about how the hackers might have operated.
Bloomberg talked to security specialists from Trend Micro and McAfee, who revealed that hackers might have had access to Sony’s internal network months before carrying out the actual attack. Furthermore, the hackers apparently used a significantly customized version of a known virus, which was acquired on the black market and then modified to deliver a certain kind of attack.
“They were probably in the system for months,” Trend Micro security evangelist Masayoshi Someya told Bloomberg. “One thing that’s very unique about the malware is that it had a payload with a particular time bomb-type capability.”
The virus, called WIPALL, works as a backdoor into an affected network, giving intruders access while remaining undetected.
Once it’s activated, the program initiates a 10-minute countdown, and “cloned minions disable security software, gain access to hard drive and network storage on all the infected computers, while also trying to log into any connected networks.”
When time is up, all the data is erased from the computers, and users see a static image of a red skeleton along with a “Hacked by #GOP” message.