Remember that little issue Sony had a few months ago? The one where loads of personal and professional e-mails, spreadsheets, records, contracts, etc. were stolen from Sony’s servers? The same one that was almost immediately blamed on North Korea due to the impending release of a widely panned comedy about their dear leader? It turns out that the Sony hack was almost certainly not carried out by North Korean hackers; new evidence suggests that it was most likely a team of Russian blackhat hackers.
When the blame was first placed on North Korea, many people found that hard to believe. While North Korea likely does have state-sponsored hackers, it did not seem like much of a stretch to assume that they would not have been able to pull off this sort of theft. The real smoking gun comes from a report released by Taia Global, a US security and intelligence firm.
In this report, Taia explains how they worked with a well-known Russian hacker, Yama Tough, to root out who was behind this hack. Yama Tough was able to make contact with one of the hackers responsible for the breach, who he described as a Russian blackhat hacker. In order to prove that this subject – referred to as an Unnamed Russian Hacker, or URH in Taia’s report – was in fact part of the Sony Hack:
…URH provided Yama Tough with two Excel spreadsheets that were not included in any of
the earlier Sony data dumps. One week later, URH provided 100MB of Sony data to Yama
Tough who in turn provided a sampling of six files to Taia Global. After that came several Sony
emails with dates as late as January 14 and January 23, 2015. It became apparent that URH
had ongoing access to Sony’s network despite the numerous companies and agencies involved
in investigating the breach.
So it’s entirely possible that Sony is still compromised today, or was compromised as recently as a few weeks ago. Taia’s report goes on to confirm that the documents from January are, in fact, authentic, causing them to question Sony’s security response to this breach. Taia also questions why North Korea was so quickly blamed when they were able to find several pieces of evidence linking the attack to a Russian hacker, or group of hackers.
It raises questions about the sources and methods used by Sony’s investigators and the U.S.
government who failed to identify the Russian hackers involved and to differentiate them from
the alleged DPRK hackers.
They also discuss how the URH gained access to Sony’s network. If you have phishing on your bingo card, you are the winner! The hacker used spear phishing e-mails sent to Sony employees in Asia and Russia to get into the system. They were eventually able to use a similar phishing technique to get a Sony Systems Administrator’s credentials, which gave them access to just about anything they could want. As is often the case, it wasn’t really a server that was cracked; it was an employee who gave up their login information. The important takeaway here is, of course, pay attention to where you’re providing your login information.
Were Russian hackers really behind the Sony hack? Or was this just a clever ruse by North Korea to throw the authorities off of their trail? It’s honestly probably the former, but let us know what you think in the comments below, or on Google+, Facebook, or Twitter.
Source: Security Affairs