While the North Korean government has been blamed for the attack on Sony Pictures Entertainment’s network, Russian hackers also breached Sony’s network last fall and continued to have at-will access well into January 2015.
This is according to a new report issued today by cyber security firm Taia Global, whose President Jeffrey Carr has been in communication with Yama Tough, a Russian hacker living in Ukraine who made contact with one of the Russian crew involved in the Sony breach. Yama Tough has served time in the U.S., was deported to Russia, and has been responsible for network breaches involving Symantec, VMware, Innodata Isogen, and SearchInform to name a few.
The evidence obtained by Yama Tough from this un-named Russian hacker consists of seven Excel spreadsheets five of which are dated from November 30, 2014 through December 10, 2014, and six email messages, two of which are dated Jan 14 and Jan 23, 2015. It also includes the “Employee Update” message of December 8 which discussed the “system disruption,” advised all employees not to use any thumb drives that had been plugged into Sony’s network prior to November 23rd, and provided a list of unlocked Ricoh printers and their locations.
All of the documents appear to be authentic and one has been proven to be authentic by the film analyst who created it. They are not part of any prior release by the Guardians of Peace, the presumably North Korean team who claimed credit for the attack.
This new evidence suggests two possibilities: that Russian hackers and North Korean hackers ran separate attacks simultaneously against Sony Pictures Entertainment, or that the North Korean government’s denial of involvement in the Sony breach is accurate, that other hackers were responsible, and at least one or more of them were Russian.
Taia Global’s report “The Sony Breach: From Russia, No Love” is available at its website here.
