SHAFAQNA (International Shia News Association) Sony Pictures Entertainment and the F.B.I. on Wednesday were seeking more information about an attack that crippled Sony’s computer systems — including whether North Korea, or perhaps a former employee, was responsible.
“The investigation continues into this very sophisticated cyberattack,” the studio said in a statement. It added that a news report by the technology site Re/code, which said that North Korea had been identified as the source of the attack and that the studio planned an imminent announcement, was “not accurate.”
Sony was hit by hackers on Nov. 24, resulting in a companywide computer shutdown and the leak of corporate information, including the multimillion-dollar pre-bonus salaries of executives and the Social Security numbers of rank-and-file employees. A group calling itself the Guardians of Peace has taken credit for the attacks.
The studio, working with various law enforcement agencies, has been exploring whether the breach was related to one of Sony’s coming movies, “The Interview,” a comedy about two American tabloid TV journalists recruited to assassinate the North Korean leader Kim Jong-un. North Korean officials have been sharply critical of the film.
On Monday evening, the F.B.I. issued a confidential five-page flash warning to security administrators at American corporations about a recently discovered form of destructive malware. The F.B.I. did not name Sony in the warning, which was obtained by The New York Times, but said that the malware was written in Korean and was “destructive” in nature. It commands a computer to sleep for two hours, after which the computer is shut down, rebooted and directed to start wiping all of its files, the agency said.
Meanwhile, a second American company, Deloitte, the consulting and auditing firm, was victimized on Wednesday after the hackers that hit Sony published confidential Deloitte data on Pastebin, an anonymous posting website. The data included salary information for more than 30,000 of its employees.
It was not clear whether the data was on Sony’s computer networks because of its work with Deloitte — the entertainment company has hired Deloitte in the past — or whether it was carried over by a former Deloitte employee now working at Sony.
The leaked data is likely to raise embarrassing questions about Deloitte’s own insider-threat program. The firm has aggressively marketed its digital threat intelligence services and has been providing advice to corporations about how to protect data from employee leaks.
Four months ago, Deloitte sponsored an article in The Wall Street Journal about how companies can more quickly identify employees who take internal data — the very issue it now finds itself addressing.
Jonathan Gandal, a Deloitte spokesman, said the company was aware of reports indicating that older Deloitte data may have been taken from a third party, but he said it could not confirm the veracity of the information.
Regarding leaked salary information, Mr. Gandal said: “Deloitte has long been recognized as a leader in its commitment to pay equality and all forms of inclusion.”
Though most of the speculation about the Sony breach has centered on North Korea, there are other possibilities under investigation, including that the attack was tied instead to an employee or former employee.
Though online attacks are becoming routine, it is rare for victims to be able to identify their attacker, and even rarer to see a company name them publicly.
But the hacking at Sony stands out from the scores of other attacks at American companies in the last year. The attackers did not just steal data, they also defaced Sony’s websites with ominous images of red skeletons and warnings and filled the company’s Twitter feeds with rants. The may have also facilitated the online pirating of five Sony films, including the unreleased “Annie.”
Jaime Blasco, a malware researcher at AlienVault, a security company in San Mateo, Calif., said that the attacks were routed through Internet Protocol addresses in Bolivia, Cyprus, Italy, Poland, Thailand and the United States, but that these were most likely hacked systems “that the attackers use to hide their origin.”
Mr. Blasco said that the Sony hacker or hackers “clearly had insider information into the company’s system, such as the names of the company’s internal directories and passwords to its internal servers.”