U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month's massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.
As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work, according to the official, who was not authorized to speak on the record about the investigation.
The attack on Sony Pictures is regarded to be the most destructive ever against a company on U.S. soil because the hackers not only stole huge quantities of data, but also wiped hard drives and brought down much of the studio's network for more than a week.
While U.S. officials investigate whether North Korea enlisted help from outside contractors, the FBI stood by its previous statement that Pyongyang was the prime author of the attack against the Sony Corp unit.
“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment,” the Federal Bureau of Investigation said in a statement to Reuters.
“There is no credible information to indicate that any other individual is responsible for this cyber incident,” the FBI said.
North Korea has denied that it was behind the Sony attack and has vowed to hit back against any U.S. retaliation.
The people who claimed responsibility for the hack have said on Internet postings that they were incensed by the film “The Interview,” a Sony Pictures comedy about a fictional assassination of North Korean leader Kim Jong Un.
Some security experts have begun to question the FBI's assertion that Pyongyang was behind the cyberattack. For instance, consulting firm Taia Global said the results of a linguistic analysis of communications from the suspected hackers suggest they were more likely from Russia than North Korea. Cybersecurity firm Norse said it suspects a Sony insider might have helped launch the attack.
“I think the government acted prematurely in announcing unequivocally that it was North Korea before the investigation was complete,” said Mark Rasch, a former federal cybercrimes prosecutor. “There are many theories about who did it and how they did it. The government has to be pursuing all of them.”