The FBI is warning businesses that hackers have launched a coordinated, destructive cyberattack using malware similar to that seen in last week’s Sony Pictures cyberattack, Reuters reported.
If true, it would be the first destructive cyber offensive in the U.S. In a destructive attack, hackers permanently erase data instead of merely stealing or restricting access to data.
It would be “a watershed event,” Tom Kellermann, chief cybersecurity officer for security software manufacturer TrendMicro, told Reuters.
The FBI issued the confidential warning to businesses late on Monday.
To this point, such attacks have only been seen in Asia and the Middle East.
The tactics described in the FBI’s bulletin resemble those used in a 2012 destructive attack on oil producer Saudi Aramco, the world’s largest company. Hackers suspected to be working with Iran and North Korea deleted the data on 30,000 computers.
The malware, the FBI explained, overrides the data on hard drives and prevents them from booting up.
“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the report said.
Last week, hackers using the name Guardians of Peace took over Sony Pictures’ computers, replacing all home screens with an image of a red skeleton and green spiders. The group also stole a number of unreleased Sony films as well as employees’ passport information, bank records, and email messages. Over the weekend, they leaked the stolen films online.
Sony hasn’t yet said whether any data was deleted.
Sony is reportedly investigating the possibility that the attack came from North Korea, where the hackers might be seeking revenge for an upcoming film parodying the reclusive nation’s leader, Kim Jong Un.
The FBI’s bulletin said some of the hackers’ software had been compiled in Korean, but did not specifically mention North Korea.