Corporate network pulled offline.
Earlier this evening, an email was sent to Salted Hash from someone claiming to be an employee of Sony Pictures.
The email used broken English, which would normally raise red flags, but the image attached to the curious message shows an alternate look at the message left on Sony Picture’s network, lending some credibility to the claim that it came from someone on the inside. However, this cannot be confirmed fully.
The image shows the second half of the message left by GOP, the group that is taking credit for the security incident, which tells Sony Pictures how initiate contact with their attackers. The newest details are printed below, complete with typos.
Post an email address and the following sentence on your twitter and facebook, and we’ll contact the email address.
“Thanks a lot to God’sApstls contributing your great effort to peace of the world.”
And even if you just try to seek out who we are, all of your data will be released at once.
In a statement, a Sony Pictures Entertainment spokesperson offered a single answer to questions: “We are investigating an IT matter.”
Sources close to the situation have told Salted Hash that they were within earshot when the director of the internal IT security team at Sony Pictures was informed about the compromise.
After notification, employees were told to turn their computers off, disable Wi-Fi on their mobile devices, and to refrain from accessing the corporate VPN. We’re unable to confirm, but there are reports that some staff have been told to go home for the day, and others are being told to wait for access to be restored.
Sony Pictures is said to be in the middle of a security incident, based on reports from employees, after a group calling themselves GOP (Guardians of Peace) left a threatening message that was displayed on monitors across the network on Monday.
The message is below:
Hacked By #GOP
We’ve already warned you, and this is just a beginning.
We continue till our request be met.
We’ve obtained all your Internal data, Including your secrets and top secret [clip]
If you don’t obey us, we’ll release data shown below to the world.
Determine what will you do till November the 24th, 11:00 PM (GMT).
It’s said that Sony has disabled their corporate network in order to deal with this situation. Salted Hash has reached out to them for comment, in order to get a better understanding of the situation, but there was no response by deadline.
Users on Reddit have downloaded the file referenced by the GOP, which contains lists of data allegedly compromised by the group. Salted Hash has seen the file promoted by GOP, and can confirm the findings on Reddit in full.
Among the items reported as compromised, GOP says they’ve accessed private key files; source code files (CPP), password files (including passwords for Oracle and SQL databases), inventory lists for hardware and other assets, production outlines and templates, as well as production schedules and notes.
According to the warning GOP says they plan to publish the compromised data later this evening. This story will be updated with further developments.