Russian hackers have a foothold in Sony Pictures' network, security firm says

Taia Global says that either intruders from the November breach never left, or Sony Pictures was hacked a second time

Sony Pictures Entertainment (SPE) might have a second security breach on its hands, or maybe the hackers from November's scandalous attack are still inside the company's systems, according to a security firm that claims to have seen evidence of Russian hackers having access to SPE internal data.

The hackers accessed SPE's Culver City, California network in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia, U.S. security intelligence firm Taia Global said Wednesday in a report.

"Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT)," the report reads, adding that once employees' computers were infected, the hackers used advanced pivoting techniques to gain access to the California network. The hackers are still inside the network, according to Taia Global.

Taia Global claims that it obtained evidence supporting its conclusions through a Russian hacker known online as Yama Tough who, Taia Global said, served prison time in the U.S. for hacking offenses and was responsible for stealing source code from antivirus firm Symantec.

In mid-January, Yama Tough provided Taia Global president Jeffrey Carr with several Excel spreadsheets and emails allegedly stolen from Sony Pictures Entertainment by an unnamed Russian hacker, who Yama Tough claimed was a member of an attack team that hacked into SPE's network.

In November a group of hackers called the Guardians of Peace launched a destructive malware attack against SPE computers after gaining access to the company's network and stealing terabytes of sensitive documents. The group dumped some of the data online in the weeks following the breach.

The U.S. government blamed the North Korean government for the attack, with both FBI and NSA officials saying they're confident about the attribution. Some security firms and experts did not agree, including Taia Global, which, based on a linguistic analysis of the English statements made by Guardians of Peace members following the attack, concluded that they're most likely native Russian speakers.

Now Taia Global, given the evidence it has in its possession, thinks one of these two scenarios is closer to reality than the assessment from Sony and the U.S. government:

First, the Guardians of Peace and this newly-discovered Russian hacker group are one and the same. This would mean that Sony, its security contractors that investigated the breach and the U.S. government failed to identify all of the intruders' footholds in the SPE network, so attackers are still lurking in there.

Or second, the Guardians of Peace and the Russian hackers are different groups, and the latter has escaped detection so far.

While most of the SPE documents Taia Global claims to have obtained from the Russian hacker are from November and December, two of the emails are dated Jan. 14 and Jan. 23 respectively. This proves that "one or more Russian hackers were in Sony Pictures Entertainment's network at the time of the Sony breach [by Guardians of Peace] and continue to have access to that network today," Taia Global said.

Taia Global claims that two independent sources confirmed that the SPE documents the Russian hacker shared with it were not among those previously leaked by Guardians of Peace on the Internet. That could be because the Guardians of Peace group retained some of the documents it stole and released them now. Or it could mean that the Guardians of Peace or a different group still have access to the network. Furthermore, "Taia Global has received independent confirmation from the author of one of the documents listed that it is indeed authentic," the company said.

Sony Pictures Entertainment did not immediately respond to a request for comment.


Lucian Constantin

IDG News Service