Malware in Sony Attack 'Undetectable by Industry Standard'

U.S. officials have said the North Korean government was “centrally involved” in the hack on Sony’s systems. Toru Hanai/Reuters

Sony has made its first public comment following an invasive hack on its systems in late November. The hack included the release of thousands of files, including five films and employees' Social Security numbers and payroll information. The group behind the hack, which calls itself the "Guardians of Peace," is thought to be acting in reaction to an upcoming Sony Pictures comedy in which James Franco and Seth Rogen try to assassinate North Korean leader Kim Jong-Un. North Korea has denied direct involvement in the attack.

Last Friday, the group sent an email to Sony employees threatening both the employees and their families. Kevin Mandia, who leads security firm Mandiant, the company tasked with the Sony investigation, has since discussed the hack in an email with Sony CEO Michael Lynton. Technology website Re/code obtained this copy of a memo in which Lynton forwards the email to Sony employees:

Over the last week, some of you have asked about the strength of our information security systems and how this attack could have happened. There is much we cannot say about our security protocols for obvious reasons, but we wanted to share with you a note we received today from Kevin Mandia, the founder of the expert cybersecurity firm that is investigating the cyber-attack on us. The investigation is ongoing, but Mr. Mandia's note is helpful in understanding the nature of what we are dealing with. Full text below.

We also want to thank you once again for your resilience and resourcefulness in carrying out our critical day-to-day activities under incredibly stressful circumstances. As a result of your efforts, we have made great progress moving our business forward, and we will continue to do so.

— — —

Dear Michael,

As our team continues to aid Sony Pictures' response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.

This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.

In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.

We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.

Sincerely,

Kevin Mandia

Re/code has speculated that the attack may also be the work of a "disgruntled employee." Thus far, only the anonymous Guardians have taken responsibility for the hack.