North Korean hackers linked to Sony Pictures attack have servers seized in Thailand

Hackers from the notorious Lazarus Group had compromised computer servers at a university in Thailand and used them to carry out the 2014 Sony Pictures attack

 

Anthony Cuthbertson
Monday 30 April 2018 16:48 BST
Hackers believed to be backed by North Korea have been responsible for some of the most high-profile cyber attacks in recent years (AFP/Getty Images)

Police in Thailand have seized a computer server operated by a notorious hacker group from North Korea.

The group has been blamed for the infamous Sony Pictures hack in 2014.

Thailand’s Computer Emergency Response Team (ThaiCERT) announced that it took control of the equipment that the security firm McAfee had linked to Hidden Cobra – also known as the Lazarus Group – which is believed to be behind a number of high-profile attacks.

A report from McAfee Advanced Threat Research found that a campaign referred to as Operation GhostSecret has been targeting critical infrastructure, entertainment, finance, healthcare, telecommunications and other key industries.

The group behind the campaign has been using the same malware as that used in the 2014 Sony Pictures attack, which saw vast amounts of confidential data stolen from the film studio.

“This analysis by the McAfee Advanced Threat Research team has found previously undiscovered components that we attribute to Hidden Cobra, which continues to target organizations around the world,” the researchers reported.

One of the servers identified in the report that had been used by the group was housed at Thammasat University in Bangkok, Thailand.

ThaiCERT said that it was working with McAfee to analyze the compromised server in an effort to understand ongoing threats and assist any potential victims.

The McAfee researchers also discovered a new type of malware that has been carrying out attacks undetected since 2017.

The report detailed how the unknown attack method was connected to recent operations involving servers in India, which hackers have been exploiting to establish a secret network to carry out future attacks.
