Sony Pictures Entertainment might have been hacked by Russian blackhat hackers and not the Democratic People Republic of Korea. This news emerged this week after renowned Russian blackhat YamaTough revealed that a group of Russian hackers had shown him evidence that they still, as of January 2015, have access to Sony’s network.
When Sony Entertainment was hacked in November 2014, the Sony security committee and US cybercrime investigators were quick to assign blame to the DPRK cyber army claiming that the motivation for the attacks was to stop the release of the movie “The Interview” which makes fun of the DPRK’s leader.
This is now being strongly doubted after reports emerged that Russian blackhats hacked Sony. The attack was carefully planned and perpetrated over some period of time with the precision of a military operation.
The Russian hackers first hacked into the Sony Entertainment computers in their Asian branches. The hackers first accessed SPE’s Culver City, California network in late 2014 through a spear phishing attack on Sony employees in Russia, India and other parts of Asia, U.S. security intelligence firm Taia Global explained a report.
“Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT),” states the the report. Once Sony Pictures employees’ computers were infected, the hackers moved across the invernal network and violated the California network. The bad news is that the hackers are still inside the network, according to Taia Global.
When the Russian group gained access to the Sony computers, they downloaded thousands of sensitive documents and confidential emails. Some of the stolen files were scripts to unreleased movies, budgets, casting information for future movies and financial information on the different movie franchises that Sony works with. The employees in the Sony offices realized they had been attacked after their computers started displaying a skulls and a message purportedly from a group calling itself the Guardians of Peace (GOP).
After it emerged that Sony Pictures Entertainment had been hacked, the company’s cyber security team and the US experts investigating the matter were quick to assign blame to the North Koreans. But thankfully for Korea, China didn’t backed the US to get aggressive against them.
In order to quell any doubts that the Russian hackers had hacked Sony, Yama Tough provided the Taia Global with files which were not part of what Sony dumped after the November hack. In fact, Yama provided emails from January 2015 indicating the hackers still ‘owned’ Sony’s network.
In mid-January, Yama Tough provided Taia Global President Jeffrey Carr with several Excel spreadsheets and emails allegedly stolen from Sony Pictures Entertainment by an unnamed Russian hacker, who Yama Tough claimed was a member of an attack team that hacked into SPE’s network.
The revelations carried by the Taia Global have now raised concerns over the qualification of the Sony Pictures security team. More importantly, the question that now begs answers is why the US authorities did not know that the hack was perpetrated by Russian.
“The Taia report raises questions about the sources and methods used by Sony’s investigators and the U.S. government who failed to identify the Russian hackers involved and to differentiate them from the alleged DPRK hackers.”
This is further strengthened by the fact that a linguistic analysis if the message by the GOP points towards the authors being Russian rather than Korean.
As it is of now, experts across the world are saying that there are two possible scenarios regarding the Sony hack. Either the Russians hacked the company or both (the Koreans and Russians) were involved. In both cases, the involvement of the Russians cannot be denied.
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57
(Security Affairs – Sony Pictures, Russian hackers)