Russian hack on Sony provokes questions over North Korea role

Sony’s networks were exposed to Russian hackers around the time of the devastating attack on its movie subsidiary last autumn, according to the cybersecurity firm Taia Global.

Workers in Russia, India and other parts of Asia were said to be targeted with spear-phishing emails containing a PDF and remote access trojan (RAT), which in turn allowed the hackers to gain access Sony Pictures Entertainment networks.

"The presence of Russians in an attack attributed with the highest confidence of the US intelligence community to the DPRK (North Korea) suggests that those who speculated about multiple attackers with different agendas were correct," Taia said.

"Another option is that the DPRK was telling the truth when they denied involvement in the Sony attack."

It added that regardless of who was responsible the FBI and the NSA had failed to acknowledge that multiple actors were involved in the attack, and that security companies since hired by Sony have "failed" to fix the Russian breach, which appears to still be active.

Taia claims it able to determine Russian involvement through linguistic analysis and the cooperation of several sources in the Russian hacking community, particularly convicted black hat hacker Yama Tough.

"This [report] does not rule out North Korea’s involvement however it does raise questions about how contradictory evidence presented by numerous researchers and companies including Taia Global was evaluated," Taia added.

"Taia Global presented linguistic evidence that indicated the likelihood that Russian hackers were involved, however Taia Global was never contacted by any of the investigating agencies, nor Sony, nor any of the companies that it hired for incident response."

Many cybersecurity experts have questioned North Korea as the culprit, while a number of alleged sources from the "Guardians of Peace", the name of the group behind the attack, have given contradictory reports to the press for the motive behind the attack.

Among the reasons given were the launch of Sony film The Interview, which features the North Korean tyrant Kim Jong-un and has been condemned by the country’s government, as well as personal grudges held by employees against the firm.

The FBI claims to have recorded IP addresses used by the hackers when their proxy servers malfunctioned, but some believe these to have been false flags used to mislead investigators.