Sony Pictures Entertainment security advisers believe the cyberattack on the company’s computer systems was the work of an organised group, chief executive Michael Lynton said in an email to his staff.
Mr Lynton said that the investigation into the attack, which has paralysed the company’s computers for almost two weeks, is continuing. Responding to staff concerns about security, he passed on a message he received from Kevin Mandia, chief operating officer of FireEye, the cybersecurity firm assisting Sony Pictures in its investigation.
Mr Mandia described the attack on Sony’s film and television studio as unprecedented and said the malware used was undetectable by industry-standard antivirus software.
“This was an unparalleled and well-planned crime, carried out by an organised group,” Mr Mandia said in the email, adding that neither Sony nor other companies “could have been fully prepared.”
Over the past week, a group calling itself “Guardians of Peace” paralysed the US unit is computers and disseminated thousands of confidential documents. Some contained thousands of Social Security numbers of employees and celebrities and sucked in other firms such as the accounting firm Deloitte & Touche, which also as a result had pay information leaked.
Studio employees recently received an email from the purported hackers, threatening their families and the studio. The email, saying it is from the head of the Guardians of Peace, calls on Sony employees to sign their names at an email address. It says their families will be in danger if they do not comply.
The studio said it is aware of the threatening email and is working with law enforcement. The Federal Bureau of Investigation said it is aware of the situation.
A Sony internal investigation has linked the hacking to a group associated with North Korea known as DarkSeoul, according to a person familiar with the matter. DarkSeoul wiped out computers of South Korean banks and broadcasters in March 2013.
North Korean supporters may have carried out the attack, that country’s news agency said, citing an unidentified spokesman at the National Defense Commission. While North Korea does not know why Sony Pictures was targeted, it does know the company is producing a film that defames its leadership, state- run Korea Central News Agency cited the spokesman as saying.
Sony Pictures is due to release The Interview on December 25, an R-rated Seth Rogen comedy about a plot to kill North Korean leader Kim Jong Un.
In June, North Korea promised to “mercilessly destroy” anyone associated with the film. The country’s government described the project as an “act of a war,” according to the BBC. An unnamed North Korean diplomat this week denied the government had any role in the hacking, Voice of America reported.