Sony Probes Alleged Cyberattack Amidst Dueling Hacker Claims

September 26, 2023

Sony is looking into claims of a cyberattack this week as two separate hacker groups have claimed responsibility for the alleged hack. Initially, an extortion group named RansomedVC asserted that they had attacked Sony's systems. They claimed to have compromised all of Sony's systems and had put Sony's 'data and access' up for sale. A note on RansomedVC's onion leak site read, 'We have successfully [compromised] all of Sony systems. We wont ransom them! we will sell the data. due to Sony not wanting to pay.'

However, the data sample posted by RansomedVC was relatively small, about 2 MB, consisting of a PowerPoint presentation, some Java source code files, Eclipse IDE screenshots, and other assets. RansomedVC alleged to have breached Sony's networks and stolen 260 GB of data during the attack, which they are trying to sell for $2.5 million. Despite its name, RansomedVC is an extortion group and not a ransomware operation. They stated they are still developing an encryptor. Sony Corporation was reached out to for confirmation about the attack. A Sony Group Corporation spokesperson responded, 'We are currently investigating the situation, and we have no further comment at this time.'

However, the situation is cloudy as another threat actor, MajorNelson, has also claimed responsibility for the attack and refuted RansomedVC's claims. MajorNelson posted on BreachForums, 'You journalists believe the ransomware crew for lies. Far too gullible, you should be ashamed. RansomedVCs are scammers who are just trying to scam you and chase influence. Enjoy the leak.' MajorNelson has 'leaked for free' a 2.4 GB compressed archive, which contains 3.14 GB of uncompressed data that they claim belongs to Sony. The threat actor states that the dump contains: 'A lot of credentials for internal systems,' and files related to Sony. The archive posted by MajorNelson had all of the files that were present in RansomedVC's small sample, but definitive attribution remains a challenge. While the data shared by the attackers does appear to belong to Sony, the veracity of either threat actor's claims could not be independently verified. Sony's most notable encounter with a cyber attack prior to this week's allegations occurred in 2014 when North Korean hackers breached Sony Pictures in an attempt to censure the screening of the film, The Interview.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.