Evidence in Sony cyberattack probe points to NorthCyber investigators looking for the culprits of a devastating hack into Sony Pictures Entertainment have found some links to North Korea - hacking tools similar to those used by that country in previous attacks on South Korea.
A person familiar with the company’s investigation said on Wednesday that investigators hired by the company made the connection as they reviewed evidence left by the hackers. The person was not authorized to publicly discuss the Sony probe and requested anonymity.
North Korea has been suggested by some experts as a possible source of the attack that exposed massive volumes of internal company data and shut down the computer systems of one of Hollywood’s biggest studios.
The hacking launched on Nov. 24 came a month before the entertainment unit at Sony Corporation is due to release “The Interview,” a comedy starring James Franco and Seth Rogen as two journalists recruited by the CIA to assassinate North Korean leader Kim Jong-un.
The Pyongyang government denounced the film as “undisguised sponsoring of terrorism, as well as an act of war” in a letter to UN Secretary General Ban Ki-moon in June.
The tech news site Re/code reported earlier on Wednesday that Sony intends to name North Korea as the source of the attack. But when asked about the Re/code report, a Sony spokeswoman said no announcement from the studio was coming.
U.S. national security officials also said government agencies still had not determined whether North Korea was responsible for the Sony Pictures attack.
The hacking has alarmed the government and cyber security experts, who say this is the first major attack on a U.S. company to use a highly destructive class of malicious software that is designed to incapacitate computer networks. The FBI issued a warning to U.S. businesses on Monday.
The attack’s ramifications appear to have spread beyond Sony. Information released by the hackers included documents that appeared to detail 2005 salaries and other personnel information from accounting and consulting firm Deloitte & Touche, according to cable news network Fusion. The data may have come from the computer of a Sony employee who previously worked at Deloitte and had saved some files, Fusion said in its report.
Deloitte spokesman Jonathan Gandal said company officials “have not confirmed the veracity of this information at this time.”
Sony hired security firm FireEye and its Mandiant forensics unit to lead the probe. Mandiant has handled some of the largest data breaches, including the 2013 holiday attack on Target Corporation.
One national security official said that numerous governments, groups and individuals are capable of mounting sophisticated hacking attacks, and that at this point the offensive on Sony Pictures did not appear particularly unique. Another official said that it was still too soon after the hack to make definitive assessments of responsibility.
Representatives of the FBI and Department of Homeland Security, which are conducting a separate investigation into the attack, declined to comment, as did the Justice Department and White House.
JPMorgan Chase & Co Chief Executive Officer Jamie Dimon, whose bank was recently hit by hackers stealing records of 83 million customers, said companies need to learn how to cope with cyber threats like the Sony hack.
“I mean, I wouldn’t freak out about it. I would just take it like a serious issue of security,” Dimon told Reuters after an event hosted by the Business Roundtable in Washington.
Sony has struggled to get all of its systems back up nine days after the attack and studio co-chiefs told staff in a memo on Tuesday that they still did not know the “full scope of information that the hackers might have or release.”
They said personnel and business information was compromised, without giving further details.