Sony Pictures has refused to identify North Korea as the origin of a devastating cyber-attack against the studio's internal systems which saw personal and financial information about its employees stolen and distributed online.
Earlier reports on Wednesday suggested Sony was going to name North Korea as the source of the attack, but in a statement to the AFP press agency, Sony said those reports were "not accurate" and that "the investigation continues into this very sophisticated cyberattack."
Sony Picture did confirm the validity of a memo which was sent to employees of the studio on Wednesday, and which was published by Variety.
The memo comes from the Michael Lynton and Amy Pascal, who head up Sony Pictures, who say they are "deeply saddened" by what they call a "brazen" attack.
It is now apparent that a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information and business documents. The privacy and security of our employees are of real concern to us, and we are deeply saddened at this concerted effort to do damage to our company, undermine our morale, and discourage us.
Lynton and Pascal then go on to say that employees should assume that their personal information is compromised and says it will offer those affected identity protection services with third-party service provider, AllClear ID.
However the employees details are already being traded online, with huge global databases of Sony Pictures employees being made freely available on torrent sharing websites this week.
The hackers have also release five of Sony Pictures' latest movies onto torrent sites, including the yet-to-be-released Annie and the recently release Brad Pitt film Fury.
Iran-North Korea cooperation
For the last week, there has been rising speculating that the hackers behind the devastating hack on Sony Pictures were working on behalf of North Korea - but some evidence suggests that the hackers could in fact be linked to Iran.
The Washington Post, quoting sources within the investigation reported that the malware used was similar to that used in attacks in South Korea but also in the Middle East, and specifically against Saudi Aramco, the world's largest oil company, which knocked 30,000 computers offline.
That attack, which took place in 2012, has been linked to a group of Iranian state-sponsored hackers which were set up in the wake of the Stuxnet attack against a nuclear enrichment facility in Natanz.
This week the same Iranian group were revealed to be carrying out an on-going and sophisticated cyber-attack campaign against more than 50 organisations in the areas such as energy, military intelligence, hospitals, universities as well as specifically targeting airports and airlines.
The report into this campaign, dubbed Operation Cleaver, also says:
"In September 2012, Iran signed an extensive agreement for technology cooperation agreement with North Korea, which would allow for collaboration on various efforts including IT and security." This would suggest that a joint operation by the two countries using the skills of the Iranian hackers to target enemies of North Korea is a serious possibility.
The attack on Sony Pictures, which North Korea has failed to deny involvement in, is said to be related to the imminent release of the film The Interview, which depicts a CIA plot to assassinate North Korean leader Kim Jong-Un and stars James Franco and Seth Rogen.
Sony Pictures are working with security firm Mandiant as well as the FBI to investigate the attack.
The Sony Pictures memo in full read:
It is now apparent that a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information and business documents. This is the result of a brazen attack on our company, our employees and our business partners. This theft of Sony materials and the release of employee and other information are malicious criminal acts, and we are working closely with law enforcement.
The privacy and security of our employees are of real concern to us, and we are deeply saddened at this concerted effort to do damage to our company, undermine our morale, and discourage us. We are enormously proud of the resilience you have all shown in the face of this attack. The company is as busy as ever, and our business continues to move forward, thanks to your great efforts.
While we are not yet sure of the full scope of information that the attackers have or might release, we unfortunately have to ask you to assume that information about you in the possession of the company might be in their possession. While we would hope that common decency might prevent disclosure, we of course cannot assume that.
Yesterday, we told you that we are offering all employees identity protection services with a third-party service provider, AllClear ID, and that you would receive an email tomorrow outlining steps to sign up. If you sign up, the AllClear ID investigators would be available to answer your questions about how to handle disclosures of your confidential information.
We can't overemphasise our appreciation to all of you for your extraordinary hard work, commitment and resolve.