Sony investigates cyberattack as hackers fight over who’s responsible


Sony says that it is investigating allegations of a cyberattack this week as different hackers have stepped up to claim responsibility for the purported hack.

While claims of attacking Sony’s systems were initially made by an extortion group called RansomedVC, a different threat actor has touted themselves to be the attackers and refuted RansomedVC’s claims.

Thus far, over 3.14 GB of uncompressed data, allegedly belonging to Sony, has been dumped on hacker forums.

Sony investigating as 3.14 GB of data leaked

This week, a threat actor by the name of RansomedVC claimed it had hacked SONY.com and put its “data and access” up for sale.

“We have successfully [compromised] all of Sony systems,” read a note posted on RansomedVC’s onion leak site. “We wont ransom them! we will sell the data. due to Sony not wanting to pay.”

RansomedVC post with small sample of data
RansomedVC post with a small sample of data
(BleepingComputer)

BleepingComputer observed the sample data posted by RansomedVC was minuscule, about 2 MB—comprising a PowerPoint presentation, some Java source code files, Eclipse IDE screenshots, and other assets.

RansomedVC claimed to BleepingComputer that it had breached Sony’s networks and stolen 260 GB of data during the attack that they are attempting to sell for $2.5 million.

Contrary to its name, RansomedVC is an extortion group, rather than a ransomware operation, as they told us they are still developing an encryptor.

We reached out to Sony Corporation for confirmation about the attack.

“We are currently investigating the situation, and we have no further comment at this time,” a Sony Group Corporation spokesperson told BleepingComputer this morning.

However, the matters have become murky, with another threat actor ‘MajorNelson’ also claiming responsibility for the attack, and refuting RansomedVC’s claims.

“You journalists believe the ransomware crew for lies. Far too gullible, you should be ashamed,” the threat actor MajorNelson posted on BreachForums, criticizing recent news reports that have attributed the attack as real without confirmation and credited RansomedVC.

“RansomedVCs are scammers who are just trying to scam you and chase influence. Enjoy the leak.”

BreachForums post leaking gigs of data purportedly belonging to Sony
BreachForums post leaking gigs of data purportedly belonging to Sony
(BleepingComputer)

Contrary to posting a small sample, MajorNelson has “leaked for free” a 2.4 GB compressed archive, which contains 3.14 GB of uncompressed data that it claims belongs to Sony.

The threat actor states that the dump contains:

“A lot of credentials for internal systems,” and files related to:

  • SonarQube
  • Creators Cloud
  • Sony’s certificates
  • A device emulator for generating licenses
  • qasop security
  • Incident response policies
  • and more.

BleepingComptuer further observed the archive posted by MajorNelson had all of the files that were present in RansomedVC’s small sample, but definitive attribution remains a challenge.

While the data shared by the attackers does appear to belong to Sony, BleepingComputer was not able to independently verify the veracity of either threat actor’s claims.

Prior to this week’s allegations, Sony’s most prominent encounter with a cyber attack happened in 2014 when North Korean hackers breached Sony Pictures in an attempt to censure the screening of the film, The Interview.



Source link