Sony Pictures Entertainment remains in a state of breach and is actively losing files to Russian mercenary hackers, according to U.S. security intelligence firm Taia Global. A team of Russian hackers gained access to Sony Pictures Entertainment Culver City network in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia. Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT).
Once Sony employees' computers were infected, the hackers used advanced pivoting techniques to gain access to the Sony Pictures Entertainment network in Culver City CA where they continue to have access as of today, according to this report.
The report raises questions about the sources and methods used by Sony’s investigators and the U.S. government who failed to identify the identity of the hackers. The report provides evidence that suggests two possibilities:
One - that Russian hackers and North Korean hackers ran separate attacks simultaneously against Sony Pictures Entertainment.
Two - that the North Korean government’s denial of involvement in the Sony breach is accurate; meaning that they had nothing to do with the Sony attack, that other hackers did, and at least one or more of those that did were Russian.
"Regardless of which possibility is correct, the attribution made in the Sony case failed to differentiate or even acknowledge that more than one state or non-state actor was involved," the report claims.
Furthermore, Taia Global claims that the Data Forensics and Incident Response companies hired by Sony to remediate this breach have, to date, failed to do so.
The report claims that that one or more Russian hackers were in Sony Pictures Entertainment’s network at the time of the Sony breach and continue to have access to that network today.
SPE has not provided any comment yet.