AlienVault Helps Expose the Actors Behind the Sony Attacks

SAN MATEO, CA — (Marketwired) — 02/24/16 — AlienVault, the leading provider of and crowd-sourced , together with and other industry partners, is proud to announce its contribution to Operation Blockbuster, a collaborative initiative created to share information about the Lazarus Group. This group was responsible for the attack against Sony Pictures Entertainment in 2014 and several other major operations since at least 2009, including DarkSeoul, a devastating attack conducted against companies in the financial and media sectors in 2013. To learn more about AlienVault's findings on the Lazarus Group's malicious activity, please visit:

“The Lazarus Group has the necessary skills and determination to perform cyber espionage operations for the purpose of stealing data or causing damage. By combining this with the use of sophisticated disinformation and deception techniques, the attackers have been able to launch several successful operations over the last few years,” said Jaime Blasco, chief scientist at AlienVault. “However, Operation Blockbuster serves as an example of how industry-wide information sharing and collaboration can set the bar higher to prevent this group from continuing its operations.”

As part of a joint investigation between AlienVault and Kaspersky Lab, researchers from both companies linked multiple technical indicators as well as TTPs (Tactics, Techniques, and Procedures) to attribute several families to the same actor, as other participants in Operation Blockbuster confirmed in their own analysis. These indicators consisted of reuse of code as well as passwords and techniques used in different malware families. Armed with this information, AlienVault, Kaspersky and other Operation Blockbuster partners were able to determine that the Lazarus Group was also behind well-known destructive cyber espionage attacks including DarkSeoul, Operation Troy and Wild Positron / Duzzer, among other operations.

“Not only is the number of wiper attacks growing at a steady rate, but this kind of malware is also proving to be a highly effective type of cyber-weapon,” said Juan Guerrero, senior security researcher at Kaspersky Lab. “With the power to wipe thousands of computers with the push of a button, a Computer Network Exploitation team can cause significant disruption to a targeted enterprise. Working with our industry partners, we are proud to put a dent in the operations of an unscrupulous threat actor leveraging these devastating techniques.”

“At AlienVault, we believe in the power of open and collaborative threat sharing. We developed AlienVault Open Threat Exchange back in 2012, to enable everyone in the OTX community to contribute their own threat data, and in return, get access to everyone else's threat data. This exchange allows for a crowd-sourced, open and collaborative forum that collects global threat intelligence from attack victims and empowers organizations to better detect threats and mitigate damage from attacks,” continued Blasco.

“Through Operation Blockbuster, Novetta, AlienVault, and our partners have continued efforts to establish a methodology for disrupting the operations of globally significant attack groups and attempting to mitigate their efforts to inflict further harm,” said Andre Ludwig, senior technical director, Novetta Threat Research and Interdiction Group. “The level of in-depth technical analysis conducted in Operation Blockbuster is rare, and sharing our findings with industry partners, so we all benefit from increased understanding, is even rarer.”

To learn more about Novetta's findings on the Lazarus Group visit:

AlienVault has simplified the way organizations detect and respond to today's ever evolving threat landscape. Our unique and approach, trusted by, combines the essential security controls of our all-in-one platform, AlienVault, with the power of AlienVault's, the world's largest crowd-sourced threat intelligence community, making effective and affordable threat detection attainable for resource-constrained IT teams. AlienVault is a privately held company headquartered in Silicon Valley and backed by Trident Capital, Kleiner Perkins Caufield & Byers, Institutional Venture Partners, GGV Capital, Intel Capital, Jackson Square Ventures, Adara Venture Partners, Top Tier Capital and Correlation Ventures.

AlienVault, Open Threat Exchange and Unified Security Management are trademarks of AlienVault. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

Susan Torrey

Posted on 24. February 2016.