Damballa finds tools related to the malware that hit Sony
Security company Damballa said it has found two utilities that are closely related to capabilities seen in the destructive malware that hit Sony Pictures Entertainment last year.
The utilities were discovered as Damballa was investigating a new version of the “Destover” malware, which rendered thousands of computers unusable at Sony after attackers stole gigabytes of sensitive company information.
One key question in the Sony breach is how the attackers were able to evade security systems. What Damballa found are two utilities that help mask new files introduced to a system.
“Both utilities would be used during an attack to evade detection while moving laterally through a network to broaden the attack surface,” wrote senior threat researchers Willis McDonald and Loucif Kharouni, in a blog post on Wednesday.