Russian hackers have a foothold in Sony Pictures' network, security firm says

Taia Global says that either intruders from the November breach never left, or Sony Pictures was hacked a second time

Sony Pictures Entertainment (SPE) might have a second security breach on its hands, or maybe the hackers from November's scandalous attack are still inside the company's systems, according to a security firm that claims to have seen evidence of Russian hackers having access to SPE internal data.

The hackers accessed SPE's Culver City, California network in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia, U.S. security intelligence firm Taia Global said Wednesday in a report.

"Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT)," the report reads, adding that once employees' computers were infected, the hackers used advanced pivoting techniques to gain access to the California network. The hackers are still inside the network, according to Taia Global.

Taia Global claims that it obtained evidence supporting its conclusions through a Russian hacker known online as Yama Tough who, Taia Global said, served prison time in the U.S. for hacking offenses and was responsible for stealing source code from antivirus firm Symantec.

In mid-January, Yama Tough provided Taia Global president Jeffrey Carr with several Excel spreadsheets and emails allegedly stolen from Sony Pictures Entertainment by an unnamed Russian hacker, who Yama Tough claimed was a member of an attack team that hacked into SPE's network.

In November a group of hackers called the Guardians of Peace launched a destructive malware attack against SPE computers after gaining access to the company's network and stealing terabytes of sensitive documents. The group dumped some of the data online in the weeks following the breach.

The U.S. government blamed the North Korean government for the attack, with both FBI and NSA officials saying they're confident about the attribution. Some security firms and experts did not agree, including Taia Global, which, based on a linguistic analysis of the English statements made by Guardians of Peace members following the attack, concluded that they're most likely native Russian speakers.

Now Taia Global, given the evidence it has in its possession, thinks one of these two scenarios is closer to reality than the assessment from Sony and the U.S. government:

First, the Guardians of Peace and this newly-discovered Russian hacker group are one and the same. This would mean that Sony, its security contractors that investigated the breach and the U.S. government failed to identify all of the intruders' footholds in the SPE network, so attackers are still lurking in there.

Or second, the Guardians of Peace and the Russian hackers are different groups, and the latter has escaped detection so far.

While most of the SPE documents Taia Global claims to have obtained from the Russian hacker are from November and December, two of the emails are dated Jan. 14 and Jan. 23 respectively. This proves that "one or more Russian hackers were in Sony Pictures Entertainment's network at the time of the Sony breach [by Guardians of Peace] and continue to have access to that network today," Taia Global said.

Taia Global claims that two independent sources confirmed that the SPE documents the Russian hacker shared with it were not among those previously leaked by Guardians of Peace on the Internet. That could be because the Guardians of Peace group retained some of the documents it stole and released them now. Or it could mean that the Guardians of Peace or a different group still have access to the network. Furthermore, "Taia Global has received independent confirmation from the author of one of the documents listed that it is indeed authentic," the company said.

Sony Pictures Entertainment did not immediately respond to a request for comment.


Lucian Constantin

IDG News Service