Sony Hackers Employed Apple ID Phishing Campaign, Claims New Study

North Korean cybercriminals probably employed phony Apple email IDs delivered to Information Technology administrators at SPE (Sony Pictures Entertainment) to embezzle passwords and logins, thus, overtaking its computer network in the entire process, a newly released study says, as accords to news reported by politico.com on April 21, 2015.

The threat actors trespassed Sony's network last fall just few days prior to Thanksgiving. The attacks left the networks crippled with large amounts of stolen company insights being dumped onto the Internet.

Stuart McClure, Chief Executive Officer of Cylance, a known security firm, claimed in a statement that he examined a database of Sony emails for leads to understand as to how hackers trespassed the computer network and stumbled upon a sample of phishing emails, exclusively drafted to embezzle passwords, as per news reported politico.com on April 21, 2015.

He claimed that during analysis, they recognized a continuous email referring to Apple ID email confirmation that genuinely emulated an official email. This email instructed users to confirm their Apple login credentials within 2-days or get locked out, he added.

When victims entered their Apple's username and password, a phishing webpage popped up that reported an error...it said that the password had not being entertained. Simultaneously, all user details were being harvested by cyber crooks who exploited them to connect with LinkedIn professional profiles of Sony employees. Following this, a victim's Sony username was successfully hatched by the criminal crooks. As soon as they infiltrated Sony's network, their own malware was distributed with the aid of software distribution mechanism.

The actuality that the threat actors employed an Apple username phishing campaign to abuse users does not mean that those exploited were using an Apple OS (Operating System) as they clicked open the phished email.

A large number of iOS patrons run Windows as well, claimed McClure.

To avert the incidence of a Sony-like hack anywhere in future, McClure suggested some simple security guidelines to business houses, which include monitoring of user credentials on a regular basis and mitigating the practice of password reuse, as per news published by eweek.com on April 21, 2015.

» SPAMfighter News - 4/28/2015