Sony Picture attacked by Russian hackers not North Korea
A new report claims to have evidence Sony Pictures was hacked by a group of Russian hackers and not North Korea as the US government says Reuters

Security firm Taia Global claims to have received evidence which shows that Russian hackers breached Sony Pictures and continue to have unauthorised access to its systems.

Taia Global's report - entitled The Sony Breach: From Russia, No Love - says a team of Russian hackers gained access to Sony Pictures computer systems at its headquarters in Culver City, California in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia.

The report claims the breach is on-going and is at odds with the claim by the US government that North Korea is behind the attack.

Details about this attack come from Taia Global's president Jeffrey Carr who has been in communication with Yama Tough, a Russian hacker living in Ukraine who made contact with one of the Russian crew involved in the Sony breach.

Tough is a black-hat hacker who has served time in US prisons and has previously been contracted by the Russian and Ukrainian governments.

He made contact with an unnamed Russian hacker in January who claimed to be responsible for the Sony breach. The report says the unnamed hacker worked at some point for Russia's Federal Security Service.

On-going attack

Tough was provided with evidence of the Russian hackers' claims, and shared some of these with Carr.

The documents include seven Excel spreadsheets, five of which are dated from 30 November, 2014 through 10 December, 2014; and six email messages, two of which are dated 14 January and 23 January, 2015.

The dates of the emails suggest the breach is on-going and in its report Taia Global says:

Sony Pictures Entertainment remains in a state of breach and is actively losing files to Russian mercenary hackers.

The cache of evidence also includes the "Employee Update" message sent by Sony management on 8 December which discussed the "system disruption" and advised all employees not to use any thumb drives that had been plugged into Sony's network prior to 23 November.

Taia says it has independently verified the authenticity of one of these documents with the analyst who created it.

None of the documents have been previously leaked by the hacking group known as Guardians of Peace (GOP), which claimed credit for the breach of Sony Picture's systems.

The timing of the breach by the Russian hackers would coincide with news of an attack on Sony Pictures which was first reported in late November 2014, and led to a devastating series of leaks by GOP, culminating in the group threatening violence if the film The Interview was released.

FBI blames North Korea

The FBI and some security experts have pointed the finger of blame at North Korea, claiming the dictatorship was annoyed at the depiction of Kim Jong-un in the comedy film which details an assassination plot against him.

US government monitored North Korean hackers since 2010
The Interview - the film which is said to be the reason North Korea hacked Sony PicturesSony Pictures

Many in the security industry however have claimed the evidence against North Korea is tenuous and don't believe it is responsible for the attack.

John McAfee, the former anti-virus pioneer, told IBTimes UK last month that he had been speaking to the hackers behind the attack and it was 100% not North Korea.

According to Taia Global, the new evidence suggest two possibilities:

  • One: The Russian hackers and North Korean hackers ran separate attacks simultaneously against Sony Pictures.
  • Two: The North Korean government's denial of involvement in the Sony breach is accurate; meaning that they had nothing to do with the Sony attack, that other hackers did, and at least one or more of those that did were Russian.

"The presence of Russians in an attack attributed with the highest confidence of the US intelligence community to the DPRK suggests that those who speculated about multiple attackers with different agendas were correct. Another option is that the DPRK was telling the truth when they denied involvement in the Sony attack," the report says.

This is not the first time Taia Global has suggested Russian hackers were behind the Sony Pictures attack. In December 2014 the company conducted linguistic analysis of the messages posted online by the GOP and the results concluded the hackers were much more likely to be Russian than North Korean.

Going back even further, in the wake of a devastating attack on Sony's PlayStation Network in 2011, widely attributed to hacktivist group Anonymous, several hacking groups breached the company's cyber-defences with a Russian hacking ring causing the most damage by stealing and selling video games.