Sony Pictures Entertainment made its first substantive comments about the devastating hacking attack against it last month, calling the effort “unprecedented in nature” and an “unparalleled crime” carried out by “an organized group.”
The comments, attributed to Kevin Mandia — head of security firm Mandiant, which has been helping Sony in its investigation of the incident — were contained in an internal memo to the studio’s employees from CEO Michael Lynton which was obtained by Re/code.
The memo sheds no light on whom Sony suspects may have carried out the attack. Lynton said only that “the investigation is ongoing.”
Sony, Mandiant and the FBI are investigating the possibility that North Korea had a hand in the attack, in part because of its complaints about a forthcoming Sony Pictures film called “The Interview.” Re/code first reported a possible North Korean connection on Nov. 28. Investigators are also considering the possibility that a disgruntled employee may have been involved in the attack.
In his comments, Mandia described the malicious software used in the attack against Sony as “undetectable by industry standard antivirus software.” He also said that the scope of the attack is unlike any other previously seen, primarily because its perpetrators sought to both destroy information and to release it to the public. The attack is one “for which neither SPE nor other companies could have been fully prepared,” Mandia said.
Sony’s comments on the attack come on the same day that North Korea denied any connection to it, but in the same breath praised the efforts of those responsible for it.
Here’s Lynton’s memo to Sony employees in full:
Over the last week, some of you have asked about the strength of our information security systems and how this attack could have happened. There is much we cannot say about our security protocols for obvious reasons, but we wanted to share with you a note we received today from Kevin Mandia, the founder of the expert cybersecurity firm that is investigating the cyber-attack on us. The investigation is ongoing, but Mr. Mandia’s note is helpful in understanding the nature of what we are dealing with. Full text below.
We also want to thank you once again for your resilience and resourcefulness in carrying out our critical day-to-day activities under incredibly stressful circumstances. As a result of your efforts, we have made great progress moving our business forward, and we will continue to do so.
— — —
Dear Michael,As our team continues to aid Sony Pictures’ response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.
This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.
In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.
We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.
Sincerely,
Kevin Mandia
This article originally appeared on Recode.net.
