FBI warns of 'destructive' malware in wake of Sony attack

By Jim Finkle, Reuters

Posted at Dec 02 2014 09:19 AM | Updated as of Dec 02 2014 07:07 PM

BOSTON - The U.S. Federal Bureau of Investigation warned U.S. businesses that hackers have used malicious software to launch destructive attacks in the United States, following a devastating cyber attack last week at Sony Pictures Entertainment.

The five-page, confidential "flash" warning issued to businesses late on Monday provided some technical details about the malicious software that was used in the attack, though it did not name the victim.

Two cybersecurity experts who reviewed the document and were familiar with the Sony attack said that they were sure the agency was referring to the breach at the California-based unit of Sony Corp.

"This correlates with information about that many of us in the security industry have been tracking," said one of the people who reviewed the document. "It looks exactly like information from the Sony attack."

FBI spokesman Joshua Campbell declined comment when asked if the software had been used against the California-based unit of Sony Corp, though he confirmed that the agency had issued the confidential "flash" warning, which Reuters independently obtained.

"The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations," he said. "This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals."

It does not name victims of attacks in those reports.

The report said the malware overrides data on hard drives of computers and can make them inoperable and shut down networks.

"This malware has the capability to overwrite a victim host’s master boot record and all data files," the report said. "The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods."

Hackers have used similar malware to launch attacks on businesses in highly destructive attacks in South Korea and the Middle East, but security experts said that if the malware was indeed used on Sony, it would be the first large-scale attack of its type launched against a company on U.S. soil.

"It's a game changer," Clemens said.

The alert provided advice on how to respond to attacks and asked companies to contact the FBI if they identified similar malware.