The FBI has sent out an alert about a major destructive cyber-attack on a US business, in an apparent reference to last week’s Sony Pictures Entertainment hack.
The report said the malware overwrites all data on the hard drives of computers, including the master boot record, which prevents them from booting up. Cyber-security experts said this describes the malicious software that affected Sony.
The five-page, confidential "flash" FBI warning, issued to businesses late yesterday, provided some technical details about the malicious software used in the attack as well as advice on how to respond to the malware. It also asked businesses to contact the FBI if they identified similar malware.
While such attacks have been launched in Asia and the Middle East, the Sony incident is the first major destructive cyber-attack waged against a company on US soil. The FBI report did not say how many companies had been victims of destructive attacks.
"I believe the coordinated cyber-attack with destructive payloads against a corporation in the US represents a watershed event," said Tom Kellermann, chief cyber-security officer with security software maker Trend Micro. "Geopolitics now serve as harbingers for destructive cyber-attacks."
The FBI, which is investigating the attack with help from the Department of Homeland Security, sent the document to security staff at some US companies in an email that asked them not to share the information.
"The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the report said.
A Sony spokeswoman said the company had "restored a number of important services" and was "working closely with law enforcement officials to investigate the matter." She declined to comment on the FBI warning.
FBI spokesman Joshua Campbell declined comment when asked if the software had been used against the California-based unit of Sony, although he confirmed that the agency had issued the confidential "flash" warning, which Reuters independently obtained.
"The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations," he said. "This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals."
Hackers used malware similar to that described in the FBI report in highly destructive attacks on businesses in South Korea and the Middle East, including one against oil producer Saudi Aramco that knocked out some 30,000 computers.
Security experts said that repairing the computers requires technicians to manually either replace the hard drives on each computer or re-image them, a time-consuming and expensive process.
The FBI report said the attackers were "unknown", but the previous attacks are widely believed to have been launched by hackers working on behalf of the governments of North Korea and Iran.
Technology news site Re/code reported that Sony was investigating to determine whether hackers working on behalf of North Korea were responsible for the attack as retribution for the company's backing of the film 'The Interview' – a comedy about two journalists recruited by the CIA to assassinate North Korean leader Kim Jong Un.
The technical section of the FBI report said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.