Sony Cyberattack Controversy Deepens as Hackers Quarrel Over Responsibility
In a rapidly unfolding cyber drama, Sony has confirmed that it’s in the midst of a full-scale investigation regarding allegations of a significant data breach. This inquiry comes as two separate hacking entities tussle over which group was truly behind the attack.
RansomedVC, a known extortionist group, initially made headlines by claiming responsibility for the attack on Sony’s systems. Their statement read, “We have successfully compromised all of Sony systems” and added that instead of ransoming Sony, they would be selling the acquired data. They attributed this move to Sony’s purported unwillingness to meet their financial demands.
Notably, RansomedVC’s initial data release, as observed by cybersecurity outlet BleepingComputer, was quite limited in size — a mere 2MB. It included a PowerPoint presentation, Java source code files, Eclipse IDE snapshots, among other documents. Their audacious claim to BleepingComputer was that they had pilfered a whopping 260 GB of Sony’s data, which they pegged at a selling price of $2.5 million.
In an unexpected twist, another digital malefactor going by the alias ‘MajorNelson’ burst onto the scene, denouncing RansomedVC’s claims and taking credit for the cyber intrusion themselves. MajorNelson publicly rebuked the media for their apparent naiveté in a post on BreachForums, stating, “You journalists believe the ransomware crew for lies. Far too gullible, you should be ashamed.” He labeled RansomedVC as mere “scammers” attempting to manipulate and mislead the public.
In a bid to prove authenticity, MajorNelson released a 2.4 GB compressed file, which when decompressed, measured up to 3.14 GB. The data, he asserted, originated from Sony and contained sensitive information such as internal system credentials, files tied to SonarQube and Creators Cloud, Sony’s digital certificates, a device emulator for producing licenses, qasop security, and even Sony’s incident response policies. A notable point is that MajorNelson’s leaked data set also contained the files RansomedVC had previously shared, further muddying the waters.
BleepingComputer, while confirming the data appears to be from Sony, was unable to determine the authenticity of either hacker group’s assertions.
A Sony Group Corporation spokesperson has been reserved in their statements, offering, “We are currently investigating the situation, and we have no further comment at this time.”
This incident marks another dark chapter in Sony’s cyber history, reminiscent of the 2014 assault by North Korean hackers against Sony Pictures, in retaliation for the satirical movie, “The Interview.”
As the details around this new hack continue to unravel, questions abound. Who was the real culprit? Was it an inside job, a third-party not yet known, or one of the two quarreling entities? What does this mean for Sony’s cybersecurity posture, and what lessons can businesses worldwide derive from this episode?
Isogent will continue to monitor developments and provide updates as this cyber saga continues.
