Russian hackers have a foothold in Sony Pictures' network, security firm says

Taia Global says that either intruders from the November breach never left, or Sony Pictures was hacked a second time

Sony Pictures Entertainment (SPE) might have a second security breach on its hands, or maybe the hackers from November's scandalous attack are still inside the company systems, according to a security firm that claims to have seen evidence of Russian hackers having access to SPE internal data.

The hackers accessed SPE's Culver City, California network in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia, U.S. security intelligence firm Taia Global said Wednesday in a report.

"Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT)," the report reads, adding that once employees' computers were infected, the hackers used advanced pivoting techniques to gain access to the California network. The hackers are still inside the network, according to Taia Global.

Taia Global claims that it obtained evidence supporting its conclusions through a Russian hacker known online as Yama Tough who, Taia Global said, served prison time in the U.S. for hacking offenses and was responsible for stealing source code from antivirus firm Symantec.

In mid-January, Yama Tough provided Taia Global president Jeffrey Carr with several Excel spreadsheets and emails allegedly stolen from Sony Pictures Entertainment by an unnamed Russian hacker, who Yama Tough claimed was a member of an attack team that hacked into SPE's network.

In November a group of hackers called the Guardians of Peace launched a destructive malware attack against SPE computers after gaining access to the company's network and stealing terabytes of sensitive documents. The group dumped some of the data online in the weeks following the breach.

The U.S. government blamed the North Korean government for the attack, with both FBI and NSA officials saying they're confident about the attribution. Some security firms and experts did not agree, including Taia Global, which, based on a linguistic analysis of the English statements made by Guardians of Peace members following the attack, concluded that they're most likely native Russian speakers.

Now Taia Global, given the evidence it has in its possession, thinks one of these two scenarios is closer to reality than the assessment from Sony and the U.S. government:

First, the Guardians of Peace and this newly-discovered Russian hacker group are one and the same. This would mean that Sony, its security contractors that investigated the breach and the U.S. government failed to identify all of the intruders' footholds in the SPE network, so attackers are still lurking in there.

Or second, the Guardians of Peace and the Russian hackers are different groups, and the latter has escaped detection so far.

While most of the SPE documents Taia Global claims to have obtained from the Russian hacker are from November and December, two of the emails are dated Jan. 14 and Jan. 23 respectively. This proves that "one or more Russian hackers were in Sony Pictures Entertainment's network at the time of the Sony breach [by Guardians of Peace] and continue to have access to that network today," Taia Global said.

Taia Global claims that two independent sources confirmed that the SPE documents shared by the Russian hacker with it were not among those previously leaked by Guardians of Peace on the Internet. That could be because the Guardians of Peace group retained some of the documents it stole and released them now. Or it could mean that the Guardians of Peace or a different group still have access to the network. Furthermore, "Taia Global has received independent confirmation from the author of one of the documents listed that it is indeed authentic," the company said.

Sony Pictures Entertainment did not immediately respond to a request for comment.
