Details of malware that may have been associated with the attack on Sony Pictures were disseminated in an FBI “Flash” earlier this week. A copy of the memorandum obtained by Ars Technica details “a destructive malware used by unknown computer network exploitation (CNE) operators” that can destroy all the data on Windows computers it infects and spread itself over network file shares to attack Windows servers.
Meanwhile, Re/code reports that Sony is ready to announce that the company has attributed the attack on its network to North Korea, according to sources at the company. Given the details of the malware and its similarity to an attack on South Korean companies last year, a tie to North Korea seems possible, though the people taking credit for the attack claim it was motivated by Sony Pictures’ alleged discrimination in the layoffs and firings of employees during a corporate reorganization started earlier this year.
The malware used in the attack, which has been described by a Sony spokesperson as “very sophisticated,” is almost certainly the same as that identified in the FBI memo. That malware uses Microsoft Windows’ own management and network file sharing features to propagate, shut down network services, and reboot computers. It relies on files named for key Windows components to do most of the dirty work of communicating with its masters and wreaking havoc on the systems it infects.