A new whitepaper has been released by Taia Global which claims that Russian hackers “also breached Sony” and “those hackers still have access to Sony’s network.”
The US government has squarely blamed North Korea for the attack, which captured the imagination of the general public in December 2014. The movie “The Interview” was initially pulled from theatres by Sony Pictures and was subsequently released on the internet. Security experts the world over questioned the US claim that North Korea was behind the attack. It is unclear how much reputational loss Sony suffered. The support for free speech that prompted small theatres in the US to show the movie, and the subsequent viewer turnout, made a bigger impact than any reputational loss.
Sony subsequently hired FireEye to manage the recovery and clean-up process. Sony has released preliminary results for Q3, which state that the investigation and remediation costs related to the cyberhack are USD 15 million.
In the meantime, Taia Global has released a whitepaper which claims that the hack was carried out by a Russian hacker group.
An extract from the executive summary of the report:
“A team of Russian hackers gained access to Sony Pictures Entertainment Culver City network in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia. Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT). Once Sony employees’ computers were infected, the hackers used advanced pivoting techniques to gain access to the Sony Pictures Entertainment network in Culver City CA where they continue to have access as of today.
The evidence contained in this report suggests two possibilities:
One – that Russian hackers and North Korean hackers ran separate attacks simultaneously against Sony Pictures Entertainment.
Two – that the North Korean government’s denial of involvement in the Sony breach is accurate; meaning that they had nothing to do with the Sony attack, that other hackers did, and at least one or more of those that did were Russian.
Regardless of which possibility is correct, the attribution made in the Sony case failed to differentiate or even acknowledge that more than one state or non-state actor was involved. Furthermore, the Data Forensics and Incident Response companies hired by Sony to remediate this breach have, to date, failed to do so.
Sony Pictures Entertainment remains in a state of breach and is actively losing files to Russian mercenary hackers.”