Malware fuels growing suspicion that North Korea hacked Sony Pictures

The destructive malware that infected Sony Pictures’ network last week was written in Korean, a source familiar with a recent FBI alert told Fox News, further fueling suspicions that North Korea launched the cyber attack.

The source added that the Korean-written malware also may have been an effort to confuse investigators about its origin.

The FBI ‘Flash’ alert sent out in response to last week’s attack noted that the malware is written in Korean, according to the source. Investigators are considering whether a user’s credentials were stolen, the source added, or whether the malware was physically introduced into Sony’s system using a thumb drive or CD.

The alert was sent out to companies in the entertainment sector, laying out the characteristics of the so-called “wiper malware” used in the attack.

Fox News is told that the malware has two destructive threads: it overwrites data and it interrupts execution processes, such as a computer’s start-up functions. The FBI warns that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve.

There had already been speculation that Pyongyang may be behind the Sony Pictures hack. The studio’s forthcoming film “The Interview,” starring Seth Rogen and James Franco as journalists enlisted to assassinate dictator Kim Jong-un, has outraged North Korea.

The Sony Pictures hack is deeply worrying to the intelligence community because it is believed to be the first time destructive malware has targeted a U.S. firm, according to the source, who added that the cyber assault is seen as “retribution” for “The Interview.”

It is not clear how long the malware needs to be in the system before it brings on an almost complete paralysis. In the case of Sony, support functions -- including emails -- were knocked off-line, seen as a distraction while the more destructive attack was launching.

Culver City, Calif.-based Sony Pictures is a subsidiary of Japanese tech and media giant Sony.

On Nov. 24, a hacking group called Guardians of Peace, or GOP, took over Sony Pictures’ corporate network and vowed to release sensitive corporate data if certain demands were not met. Variety reports that screener copies of at least five Sony movies were downloaded freely online following the hack. In a further twist, a spreadsheet appeared on a text-sharing site Monday purportedly showing the salaries of top Sony Pictures executives.

The source added that the malware is part of the “shifting cyberscape” where nation states such as China, Russia and North Korea, as well as criminal syndicates, are moving away from monetized data theft and denial of service attacks to actual destruction of data. In other words, the data is no longer hijacked, but destroyed to send a message.

Unlike previous incidents -- such as the Stuxnet virus that attacked Iran’s nuclear program and the 2012 Shamoon malware attack on Saudi Aramco, which infected the hard drives of more than 30,000 computers -- the “wiper malware” is not targeted specifically to a brand or type of machine.

The FBI has confirmed its investigation into the Sony Pictures hack, but has not released any specific details of its probe.

“The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment,” explained the agency, in a statement emailed to “The targeting of public and private-sector computer networks remains a significant threat, and the FBI will continue to identify, pursue and defeat individuals and groups who pose a threat in cyberspace.”